An abstract memory functor for verified C static analyzers

Published: 04 September 2016

Abstract

Abstract interpretation provides advanced techniques to infer numerical invariants on programs. There is an abundant literature about numerical abstract domains that operate on scalar variables. This work deals with lifting these techniques to a realistic C memory model. We present an abstract memory functor that takes as argument any standard numerical abstract domain, and builds a memory abstract domain that finely tracks properties about memory contents, taking into account union types, pointer arithmetic and type casts. This functor is implemented and verified inside the Coq proof assistant with respect to the CompCert compiler memory model. Using the Coq extraction mechanism, it is fully executable and used by the Verasco C static analyzer.
