The dogged pursuit of bug-free C programs

Baudin, Patrick; Bobot, François; Bühler, David; Correnson, Loïc; Kirchner, Florent; Kosmatov, Nikolaï; Maroneze, André; Perrelle, Valentin; Prévosto, Virgile; Signoles, Julien; Williams, Nicky

doi:10.1145/3470569

Cited by 41 publications

(20 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We select 3 tools representing popular formal techniques currently used in the industry: KLEE [4] for symbolic execution [9] (bug finding), and Frama-C [1] with its EVA plug-in [30] for abstract interpretation [12], [31] (runtime error verification) and WP plug-in [32] for deductive verification [10], [11] (functional correctness).…”

Section: B Adequacy To Formal Verification Tools (Rq2 Rq3)mentioning

confidence: 99%

“…Weakest precondition calculus. We use the deductive verification Frama-C plug-in WP [34], [32]. We take 12 assemblyoptimized functions (see details in Supplementary, Table IX): 6 excerpts from ffmpeg, GMP, libyuv, libgcrypt and UDPCast, 2 others adapted from optimized assembly snippets and 4 translated examples from ACSL by example [35].…”

Section: B Adequacy To Formal Verification Tools (Rq2 Rq3)mentioning

confidence: 99%

See 1 more Smart Citation

Get Rid of Inline Assembly through Verification-Oriented Lifting

Recoules

Bardin

Bonichon

et al. 2019

2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

Formal methods for software development have made great strides in the last two decades, to the point that their application in safety-critical embedded software is an undeniable success. Their extension to non-critical software is one of the notable forthcoming challenges. For example, C programmers regularly use inline assembly for low-level optimizations and system primitives. This usually results in rendering state-ofthe-art formal analyzers developed for C ineffective. We thus propose TINA, the first automated, generic, verification-friendly and trustworthy lifting technique turning inline assembly into semantically equivalent C code amenable to verification, in order to take advantage of existing C analyzers. Extensive experiments on real-world code (including GMP and ffmpeg) show the feasibility and benefits of TINA.Assuming no side-effect beyond those mentioned in output operands'. 1 # 54 "/usr/include/i386-linux-gnu/sys/select.h" 2 typedef long int __ fd _ mask; 3 4 # 64 "/usr/include/i386-linux-gnu/sys/select.h" 5 typedef struct { 6 __ fd _ mask __ fds _ bits[1024 / (8 * sizeof( __ fd _ mask))]; 7 } fd _ set; 8 9 # 1074 "socklib.c" 10 int udpc _ prepareForSelect 11 (int * socks, int nr, fd _ set * read _ set) 12 { 13 / * [...] * / 14 int maxFd; 15 do { 16 int __ d0, __ d1; 17 __ asm __ __ volatile __ 18 ("cld; rep; " "stosl" 19: "=c" ( __ d0), "=D" ( __ d1) 20 : "a" (0), 21 "0" (sizeof(fd _ set) / sizeof( __ fd _ mask)), 22 void sub _ median _ pred _ mmxext(uint8 _ t * dst, uint8 _ t const * src1,

show abstract

Section: B Adequacy To Formal Verification Tools (Rq2 Rq3)mentioning

confidence: 99%

Section: B Adequacy To Formal Verification Tools (Rq2 Rq3)mentioning

confidence: 99%

Get Rid of Inline Assembly through Verification-Oriented Lifting

Recoules

Bardin

Bonichon

et al. 2019

2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

show abstract

“…4.2]. This recent definition [6] covers the relevant aspects quite well, stating that "formal methods are a set of techniques based on logic, mathematics, and theoretical computer science which are used for specifying, developing, and verifying software and hardware systems." We slightly refine this notion, saying that, by a formal method, we refer to an explicit mathematical model and sound logical reasoning about critical properties [55]-such as reliability, safety, security, dependability, performance, uncertainty, or cost-of a class of electrical, electronic, and programmable electronic or software systems.…”

Section: Introductionmentioning

confidence: 99%

“…A manifesto can be understood as "a series of technical or expert views on a particular engineering task" [43], "a set of commitments" of a community [53], or "a focal point of reference" catalysing communities [7]. Inspired by successful similar efforts in other domains [7], 6 we summarise: A manifesto expresses consensual agreement among stakeholders (e.g., experts, thought leaders, users) in a domain, it is based on corresponding definitions, it concisely conveys guidance in terms of principles, it discloses aims and commitments in form of an appeal, it suggests actions, and it can join forces and, thus, initiate change.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Manifesto for Applicable Formal Methods

Gleirscher¹,

Pol²,

Woodcock³

2021

Preprint

View full text Add to dashboard Cite

Formal methods were frequently shown to be effective and, perhaps because of that, practitioners are interested in using them more often. Still, these methods are far less applied than expected, particularly, in critical domains where they are strongly recommended and where they have the greatest potential. Our hypothesis is that formal methods still seem not to be applicable enough or ready for their intended use. In critical software engineering, what do we mean when we speak of a formal method ? And what does it mean for such a method to be applicable both from a scientific and practical viewpoint? Based on what the literature tells about the first question, with this manifesto, we lay out a set of principles that when followed by a formal method give rise to its mature applicability in a given scope. Rather than exercising criticism of past developments, this manifesto strives to foster an increased use of formal methods to the maximum benefit.

show abstract