Abstract
This paper reports on the design and soundness proof, using the Coq proof assistant, of Verasco, a static analyzer based on abstract interpretation for most of the ISO C 1999 language (excluding recursion and dynamic allocation). Verasco establishes the absence of run-time errors in the analyzed programs. It enjoys a modular architecture that supports the extensible combination of multiple abstract domains, both relational and non-relational. Verasco integrates with the CompCert formally-verified C compiler, so that not only is the soundness of the analysis results guaranteed with mathematical certainty, but these guarantees also carry over to the compiled code.
A Formally-Verified C Static Analyzer
Published in POPL '15: Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages