Abstraction and subsumption in modular verification of C programs

Abstract Separation logic is a powerful program logic for the static modular verification of imperative programs. However, dynamic checking of separation logic contracts on the boundaries between verified and untrusted modules is hard because it requires one to enforce (among other things) that outcalls from a verified to an untrusted module do not access memory resources currently owned by the verified module. This paper proposes an approach to dynamic contract checking by relying on support for capabilities, a well-studied form of unforgeable memory pointers that enables fine-grained, efficient memory access control. More specifically, we rely on a form of capabilities called linear capabilities for which the hardware enforces that they cannot be copied. We formalize our approach as a fully abstract compiler from a statically verified source language to an unverified target language with support for linear capabilities. The key insight behind our compiler is that memory resources described by spatial separation logic predicates can be represented at run time by linear capabilities. The compiler is separation-logic-proof-directed: it uses the separation logic proof of the source program to determine how memory accesses in the source program should be compiled to linear capability accesses in the target program. The full abstraction property of the compiler essentially guarantees that compiled verified modules can interact with untrusted target language modules as if they were compiled from verified code as well. This article is an extended version of one that was presented at ICFP 2019 (Van Strydonck et al., 2019).

Download Full-text

Static deadlock detection for asynchronous C# programs

ACM SIGPLAN Notices ◽

10.1145/3140587.3062361 ◽

2017 ◽

Vol 52 (6) ◽

pp. 292-305 ◽

Cited By ~ 1

Author(s):

Anirudh Santhiar ◽

Aditya Kanade

Keyword(s):

Deadlock Detection ◽

C Programs

Download Full-text

Verification of C Buffer Overflows in C Programs

2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet) ◽

10.1109/roedunet.2018.8514126 ◽

2018 ◽

Cited By ~ 1

Author(s):

Andreea Bican ◽

Razvan Deaconescu ◽

Wei Ngan Chin ◽

Quang-Trung Ta

Keyword(s):

C Programs ◽

Buffer Overflows

Download Full-text

Modular verification of concurrent assembly code with dynamic thread creation and termination

Proceedings of the tenth ACM SIGPLAN international conference on Functional programming - ICFP '05 ◽

10.1145/1086365.1086399 ◽

2005 ◽

Cited By ~ 22

Author(s):

Xinyu Feng ◽

Zhong Shao

Keyword(s):

Assembly Code ◽

Modular Verification

Download Full-text

Modular verification of programs with effects and effects handlers

Formal Aspects of Computing ◽

10.1007/s00165-020-00523-2 ◽

2020 ◽

Author(s):

Thomas Letan ◽

Yann Régis-Gianas ◽

Pierre Chifflier ◽

Guillaume Hiet

Keyword(s):

Modular Verification

Download Full-text

Fault Localization in Multi-threaded C Programs Using Bounded Model Checking

2015 Brazilian Symposium on Computing Systems Engineering (SBESC) ◽

10.1109/sbesc.2015.25 ◽

2015 ◽

Cited By ~ 2

Author(s):

Erickson H.S. Da Alves ◽

Lucas C. Cordeiro ◽

Eddie B. De Lima Filho

Keyword(s):

Model Checking ◽

Fault Localization ◽

Bounded Model Checking ◽

C Programs

Download Full-text

Shape Neutral Analysis of Graph-based Data-structures

Theory and Practice of Logic Programming ◽

10.1017/s147106841800025x ◽

2018 ◽

Vol 18 (3-4) ◽

pp. 470-483 ◽

Cited By ~ 1

Author(s):

GREGORY J. DUCK ◽

JOXAN JAFFAR ◽

ROLAND H. C. YAP

Keyword(s):

Data Structure ◽

Data Structures ◽

Program Analysis ◽

Constraint Handling ◽

C Programs ◽

Wide Range ◽

Target Program ◽

Target Data ◽

Structure Graph ◽

Structure Properties

AbstractMalformed data-structures can lead to runtime errors such as arbitrary memory access or corruption. Despite this, reasoning over data-structure properties for low-level heap manipulating programs remains challenging. In this paper we present a constraint-based program analysis that checks data-structure integrity, w.r.t. given target data-structure properties, as the heap is manipulated by the program. Our approach is to automatically generate a solver for properties using the type definitions from the target program. The generated solver is implemented using a Constraint Handling Rules (CHR) extension of built-in heap, integer and equality solvers. A key property of our program analysis is that the target data-structure properties are shape neutral, i.e., the analysis does not check for properties relating to a given data-structure graph shape, such as doubly-linked-lists versus trees. Nevertheless, the analysis can detect errors in a wide range of data-structure manipulating programs, including those that use lists, trees, DAGs, graphs, etc. We present an implementation that uses the Satisfiability Modulo Constraint Handling Rules (SMCHR) system. Experimental results show that our approach works well for real-world C programs.

Download Full-text