An Executable Formal Semantics of C with Applications


PhD Thesis'12

A Formal Semantics of C with Applications
Chucky Ellison
PhD Thesis, University of Illinois. July 2012
Abstract. This dissertation shows that complex, real programming languages can be completely formalized in the K Framework, yielding interpreters and analysis tools for testing and bug detection. This is demonstrated by providing, in K, the first complete formal semantics of the C programming language. With varying degrees of effort, tools such as interpreters, debuggers, and model-checkers, together with tools that check for memory safety, races, deadlocks, and undefined behavior are then generated from the semantics. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 99.2% of 776 test programs. The semantics is also evaluated against popular analysis tools, using a new test suite in addition to a third-party test suite. The semantics-based tool performs at least as well or better than the other tools tested.
PDF, K, DOI, BIB

POPL'12

An Executable Formal Semantics of C with Applications
Chucky Ellison and Grigore Rosu
POPL'12, ACM, pp 533-544. 2012
Abstract. This paper describes an executable formal semantics of C. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 99.2% of 776 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, state space search tool, and model checker "for free". The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior.
PDF, Slides(PDF), Semantics, DOI, POPL'12, BIB


Technical Reports

An Executable Formal Semantics of C with Applications
Chucky Ellison and Grigore Rosu
Technical Report http://hdl.handle.net/2142/25816, July 2011
Abstract. This paper describes an executable formal semantics of C. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 770 of 776 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, state space search tool, and model checker "for free". The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior.
PDF, C Semantics, DOI, BIB

A Formal Semantics of C with Applications
Chucky Ellison and Grigore Rosu
Technical Report http://hdl.handle.net/2142/17414, November 2010
Abstract. This paper describes an executable formal semantics of C expressed using a formalism based on term rewriting. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes over 96% of 715 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, and state space search tool "for free". The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior. These techniques together allow the tool to identify undefined programs.
PDF, C Semantics, DOI, BIB

