research-article

Open Access

RefinedC: automating the foundational verification of C code with refined ownership types

Authors:
Michael Sammler

MPI-SWS, Germany

MPI-SWS, Germany
View Profile

,
Rodolphe Lepigre

MPI-SWS, Germany

MPI-SWS, Germany
View Profile

,
Robbert Krebbers

Radboud University Nijmegen, Netherlands

Radboud University Nijmegen, Netherlands
View Profile

,
Kayvan Memarian

University of Cambridge, UK

University of Cambridge, UK
View Profile

,
Derek Dreyer

MPI-SWS, Germany

MPI-SWS, Germany
View Profile

,
Deepak Garg

MPI-SWS, Germany

MPI-SWS, Germany

0000-0002-0888-3093
View Profile

PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and ImplementationJune 2021Pages 158–174https://doi.org/10.1145/3453483.3454036

Published:18 June 2021Publication History

PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

Pages 158–174

ABSTRACT

Given the central role that C continues to play in systems software, and the difficulty of writing safe and correct C code, it remains a grand challenge to develop effective formal methods for verifying C programs. In this paper, we propose a new approach to this problem: a type system we call RefinedC, which combines ownership types (for modular reasoning about shared state and concurrency) with refinement types (for encoding precise invariants on C data types and Hoare-style specifications for C functions).

RefinedC is both automated (requiring minimal user intervention) and foundational (producing a proof of program correctness in Coq), while at the same time handling a range of low-level programming idioms such as pointer arithmetic. In particular, following the approach of RustBelt, the soundness of the RefinedC type system is justified semantically by interpretation into the Coq-based Iris framework for higher-order concurrent separation logic. However, the typing rules of RefinedC are also designed to be encodable in a new “separation logic programming” language we call Lithium. By restricting to a carefully chosen (yet expressive) fragment of separation logic, Lithium supports predictable, automatic, goal-directed proof search without backtracking. We demonstrate the effectiveness of RefinedC on a range of representative examples of C code.

References

Jean-Marc Andreoli. 1992. Logic programming with focusing proofs in linear logic. J. Log. Comput., 2, 3 (1992), 297–347. https://doi.org/10.1093/logcom/2.3.297 Google ScholarCross Ref
Andrew W. Appel. 2014. Program Logics for Certified Compilers. Cambridge University Press. https://www.cambridge.org/de/academic/subjects/computer-science/programming-languages-and-applied-logic/program-logics-certified-compilersGoogle ScholarDigital Library
Pablo A. Armelín and David J. Pym. 2001. Bunched logic programming. In IJCAR (LNCS, Vol. 2083). Springer, 289–304. https://doi.org/10.1007/3-540-45744-5_21 Google ScholarCross Ref
Alexander Bakst and Ranjit Jhala. 2016. Predicate abstraction for linked data structures. In VMCAI (LNCS, Vol. 9583). Springer, 65–84. https://doi.org/10.1007/978-3-662-49122-5_3 Google ScholarDigital Library
Mark Batty, Scott Owens, Susmit Sarkar, Peter Sewell, and Tjark Weber. 2011. Mathematizing C++ concurrency. In POPL. ACM, 55–66. https://doi.org/10.1145/1926385.1926394 Google ScholarDigital Library
Josh Berdine, Cristiano Calcagno, and Peter W. O’Hearn. 2004. A decidable fragment of separation logic. In FSTTCS (LNCS, Vol. 3328). Springer, 97–109. https://doi.org/10.1007/978-3-540-30538-5_9 Google ScholarDigital Library
Josh Berdine, Cristiano Calcagno, and Peter W. O’Hearn. 2005. Smallfoot: Modular automatic assertion checking with separation logic. In FMCO (LNCS, Vol. 4111). Springer, 115–137. https://doi.org/10.1007/11804192_6 Google ScholarDigital Library
Sylvie Boldo and Guillaume Melquiond. 2011. Flocq: A unified library for proving floating-point algorithms in Coq. In ARITH. IEEE Computer Society, 243–252. https://doi.org/10.1109/ARITH.2011.40 Google ScholarDigital Library
Cristiano Calcagno, Dino Distefano, Peter W. O’Hearn, and Hongseok Yang. 2009. Compositional shape analysis by means of bi-abduction. In POPL. ACM, 289–300. https://doi.org/10.1145/1480881.1480917 Google ScholarDigital Library
Qinxiang Cao, Lennart Beringer, Samuel Gruetter, Josiah Dodds, and Andrew W. Appel. 2018. VST-Floyd: A separation logic tool to verify correctness of C programs. J. Autom. Reason., 61, 1-4 (2018), 367–422. https://doi.org/10.1007/s10817-018-9457-5 Google ScholarDigital Library
Qinxiang Cao, Shengyi Wang, Aquinas Hobor, and Andrew W. Appel. 2019. Proof pearl: Magic wand as frame. CoRR, abs/1909.08789 (2019), arxiv:1909.08789Google Scholar
Arthur Charguéraud. 2016. Higher-order representation predicates in separation logic. In CPP. ACM, 3–14. https://doi.org/10.1145/2854065.2854068 Google ScholarDigital Library
Adam Chlipala. 2011. Mostly-automated verification of low-level programs in computational separation logic. In PLDI. ACM, 234–245. https://doi.org/10.1145/1993498.1993526 Google ScholarDigital Library
Adam Chlipala. 2013. The Bedrock structured programming system: Combining generative metaprogramming and Hoare logic in an extensible program verifier. In ICFP. ACM, 391–402. https://doi.org/10.1145/2500365.2500592 Google ScholarDigital Library
Adam Chlipala. 2015. From network interface to multithreaded web applications: A case study in modular program verification. In POPL. ACM, 609–622. https://doi.org/10.1145/2676726.2677003 Google ScholarDigital Library
Duc-Hiep Chu, Joxan Jaffar, and Minh-Thai Trinh. 2015. Automatic induction proofs of data-structures in imperative programs. In PLDI. ACM, 457–466. https://doi.org/10.1145/2737924.2737984 Google ScholarDigital Library
Ernie Cohen, Markus Dahlweid, Mark A. Hillebrand, Dirk Leinenbach, Michal Moskal, Thomas Santen, Wolfram Schulte, and Stephan Tobies. 2009. VCC: A practical system for verifying concurrent C. In TPHOLs (LNCS, Vol. 5674). Springer, 23–42. https://doi.org/10.1007/978-3-642-03359-9_2 Google ScholarDigital Library
Ernie Cohen, Mark A. Hillebrand, Stephan Tobies, Michał Moskal, and Wolfram Schulte. 2012. Verifying C programs: A VCC tutorial. https://archive.codeplex.com/projects/VCC/fda99f81-18b5-45ae-8f49-5b28c747dcc3Google Scholar
Jeremy Condit, Brian Hackett, Shuvendu K. Lahiri, and Shaz Qadeer. 2009. Unifying type checking and property checking for low-level code. In POPL. ACM, 302–314. https://doi.org/10.1145/1480881.1480921 Google ScholarDigital Library
Jeremy Condit, Matthew Harren, Zachary R. Anderson, David Gay, and George C. Necula. 2007. Dependent types for low-level programming. In ESOP (LNCS, Vol. 4421). Springer, 520–535. https://doi.org/10.1007/978-3-540-71316-6_35 Google ScholarCross Ref
Pascal Cuoq, Florent Kirchner, Nikolai Kosmatov, Virgile Prevosto, Julien Signoles, and Boris Yakobowski. 2012. Frama-C: A software analysis perspective. In SEFM (LNCS, Vol. 7504). Springer, 233–247. https://doi.org/10.1007/978-3-642-33826-7_16 Google ScholarDigital Library
Hoang-Hai Dang, Jacques-Henri Jourdan, Jan-Oliver Kaiser, and Derek Dreyer. 2020. RustBelt meets relaxed memory. Proc. ACM Program. Lang., 4, POPL (2020), 34:1–34:29. https://doi.org/10.1145/3371102 Google ScholarDigital Library
David Delahaye. 2000. A tactic language for the system Coq. In LPAR (LNCS, Vol. 1955). Springer, 85–95. https://doi.org/10.1007/3-540-44404-1_7 Google ScholarCross Ref
Robert DeLine and Manuel Fähndrich. 2001. Enforcing high-level protocols in low-level software. In PLDI. ACM, 59–69. https://doi.org/10.1145/378795.378811 Google ScholarDigital Library
Archibald Samuel Elliott, Andrew Ruef, Michael Hicks, and David Tarditi. 2018. Checked C: making C safe by extension. In SecDev. IEEE Computer Society, 53–60. https://doi.org/10.1109/SecDev.2018.00015 Google ScholarCross Ref
Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, and Adam Chlipala. 2019. Simple high-level code for cryptographic arithmetic - with proofs, without compromises. In IEEE Symposium on Security and Privacy. IEEE, 1202–1219. https://doi.org/10.1109/SP.2019.00005 Google ScholarCross Ref
Xinyu Feng, Zhong Shao, Yu Guo, and Yuan Dong. 2008. Combining domain-specific and foundational logics to verify complete software systems. In VSTTE (LNCS, Vol. 5295). Springer, 54–69. https://doi.org/10.1007/978-3-540-87873-5_8 Google ScholarDigital Library
Timothy S. Freeman and Frank Pfenning. 1991. Refinement types for ML. In PLDI. ACM, 268–277. https://doi.org/10.1145/113445.113468 Google ScholarDigital Library
Dan Frumin, Léon Gondelman, and Robbert Krebbers. 2019. Semi-automated reasoning about non-determinism in C expressions. In ESOP (LNCS, Vol. 11423). Springer, 60–87. https://doi.org/10.1007/978-3-030-17184-1_3 Google ScholarCross Ref
David Greenaway, June Andronick, and Gerwin Klein. 2012. Bridging the gap: Automatic verified abstraction of C. In ITP (LNCS, Vol. 7406). Springer, 99–115. https://doi.org/10.1007/978-3-642-32347-8_8 Google ScholarCross Ref
David Greenaway, Japheth Lim, June Andronick, and Gerwin Klein. 2014. Don’t sweat the small stuff: formal verification of C code without the pain. In PLDI. ACM, 429–439. https://doi.org/10.1145/2594291.2594296 Google ScholarDigital Library
Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan (Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep specifications and certified abstraction layers. In POPL. ACM, 595–608. https://doi.org/10.1145/2676726.2676975 Google ScholarDigital Library
Ronghui Gu, Zhong Shao, Hao Chen, Jieung Kim, Jérémie Koenig, Xiongnan (Newman) Wu, Vilhelm Sjöberg, and David Costanzo. 2019. Building certified concurrent OS kernels. Commun. ACM, 62, 10 (2019), 89–99. https://doi.org/10.1145/3356903 Google ScholarDigital Library
Ronghui Gu, Zhong Shao, Jieung Kim, Xiongnan (Newman) Wu, Jérémie Koenig, Vilhelm Sjöberg, Hao Chen, David Costanzo, and Tahina Ramananandro. 2018. Certified concurrent abstraction layers. In PLDI. ACM, 646–661. https://doi.org/10.1145/3192366.3192381 Google ScholarDigital Library
Hafnium. 2020. Hafnium. https://review.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/HEAD/README.mdGoogle Scholar
James Harland, David J. Pym, and Michael Winikoff. 1996. Programming in Lygon: An overview. In AMAST (LNCS, Vol. 1101). Springer, 391–405. https://doi.org/10.1007/BFb0014329 Google ScholarCross Ref
Chris Hathhorn, Chucky Ellison, and Grigore Rosu. 2015. Defining the undefinedness of C. In PLDI. ACM, 336–345. https://doi.org/10.1145/2737924.2737979 Google ScholarDigital Library
Aquinas Hobor, Andrew W. Appel, and Francesco Zappa Nardelli. 2008. Oracle semantics for concurrent separation logic. In ESOP (LNCS, Vol. 4960). Springer, 353–367. https://doi.org/10.1007/978-3-540-78739-6_27 Google ScholarCross Ref
Joshua S. Hodas and Dale Miller. 1991. Logic programming in a fragment of intuitionistic linear logic. In LICS. IEEE Computer Society, 32–42. https://doi.org/10.1109/LICS.1991.151628 Google ScholarCross Ref
Bart Jacobs, Jan Smans, Pieter Philippaerts, Frédéric Vogels, Willem Penninckx, and Frank Piessens. 2011. VeriFast: A powerful, sound, predictable, fast verifier for C and Java. In NASA Formal Methods (LNCS, Vol. 6617). Springer, 41–55. https://doi.org/10.1007/978-3-642-20398-5_4 Google ScholarCross Ref
Trevor Jim, Greg Morrisett, Dan Grossman, Michael W. Hicks, James Cheney, and Yanling Wang. 2002. Cyclone: A safe dialect of C. In USENIX. 275–288. http://www.usenix.org/publications/library/proceedings/usenix02/jim.htmlGoogle Scholar
Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2018. RustBelt: Securing the foundations of the Rust programming language. Proc. ACM Program. Lang., 2, POPL (2018), 66:1–66:34. https://doi.org/10.1145/3158154 Google ScholarDigital Library
Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2021. Safe systems programming in Rust. Commun. ACM, 64, 4 (2021), April, 144–152. https://cacm.acm.org/magazines/2021/4/251364-safe-systems-programming-in-rust/fulltextGoogle ScholarDigital Library
Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order ghost state. In ICFP. ACM, 256–269. https://doi.org/10.1145/2951913.2951943 Google ScholarDigital Library
Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. J. Funct. Program., 28 (2018), e20. https://doi.org/10.1017/S0956796818000151 Google ScholarCross Ref
Ralf Jung, Rodolphe Lepigre, Gaurav Parthasarathy, Marianna Rapoport, Amin Timany, Derek Dreyer, and Bart Jacobs. 2020. The future is ours: Prophecy variables in separation logic. Proc. ACM Program. Lang., 4, POPL (2020), 45:1–45:32. https://doi.org/10.1145/3371113 Google ScholarDigital Library
Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and invariants as an orthogonal basis for concurrent reasoning. In POPL. ACM, 637–650. https://doi.org/10.1145/2676726.2676980 Google ScholarDigital Library
Jan-Oliver Kaiser, Hoang-Hai Dang, Derek Dreyer, Ori Lahav, and Viktor Vafeiadis. 2017. Strong logic for weak memory: Reasoning about release-acquire consistency in iris. In ECOOP (LIPIcs, Vol. 74). Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 17:1–17:29. https://doi.org/10.4230/LIPIcs.ECOOP.2017.17 Google ScholarCross Ref
Jeehoon Kang, Chung-Kil Hur, William Mansky, Dmitri Garbuzov, Steve Zdancewic, and Viktor Vafeiadis. 2015. A formal C memory model supporting integer-pointer casts. In PLDI. ACM, 326–335. https://doi.org/10.1145/2737924.2738005 Google ScholarDigital Library
Gerwin Klein, June Andronick, Kevin Elphinstone, Toby C. Murray, Thomas Sewell, Rafal Kolanski, and Gernot Heiser. 2014. Comprehensive formal verification of an OS microkernel. ACM Trans. Comput. Syst., 32, 1 (2014), 2:1–2:70. https://doi.org/10.1145/2560537 Google ScholarDigital Library
Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2009. seL4: Formal verification of an OS kernel. In SOSP. ACM, 207–220. https://doi.org/10.1145/1629575.1629596 Google ScholarDigital Library
Robbert Krebbers. 2014. An operational and axiomatic semantics for non-determinism and sequence points in C. In POPL. ACM, 101–112. https://doi.org/10.1145/2535838.2535878 Google ScholarDigital Library
Robbert Krebbers. 2015. The C standard formalized in Coq. Ph.D. Dissertation. Radboud University Nijmegen. https://robbertkrebbers.nl/thesis.htmlGoogle Scholar
Robbert Krebbers, Jacques-Henri Jourdan, Ralf Jung, Joseph Tassarotti, Jan-Oliver Kaiser, Amin Timany, Arthur Charguéraud, and Derek Dreyer. 2018. MoSeL: A general, extensible modal framework for interactive proofs in separation logic. Proc. ACM Program. Lang., 2, ICFP (2018), 77:1–77:30. https://doi.org/10.1145/3236772 Google ScholarDigital Library
Robbert Krebbers, Ralf Jung, Ales Bizjak, Jacques-Henri Jourdan, Derek Dreyer, and Lars Birkedal. 2017. The essence of higher-order concurrent separation logic. In ESOP (LNCS, Vol. 10201). Springer, 696–723. https://doi.org/10.1007/978-3-662-54434-1_26 Google ScholarDigital Library
Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017. Interactive proofs in higher-order concurrent separation logic. In POPL. ACM, 205–217. http://dl.acm.org/citation.cfm?id=3009855Google Scholar
Robbert Krebbers and Freek Wiedijk. 2013. Separation logic for non-local control flow and block scope variables. In FoSSaCS (LNCS, Vol. 7794). Springer, 257–272. https://doi.org/10.1007/978-3-642-37075-5_17 Google ScholarDigital Library
Quang Loc Le, Jun Sun, and Shengchao Qin. 2018. Frame inference for inductive entailment proofs in separation logic. In TACAS (1) (LNCS, Vol. 10805). Springer, 41–60. https://doi.org/10.1007/978-3-319-89960-2_3 Google ScholarCross Ref
Juneyoung Lee, Yoonseung Kim, Youngju Song, Chung-Kil Hur, Sanjoy Das, David Majnemer, John Regehr, and Nuno P. Lopes. 2017. Taming undefined behavior in LLVM. In PLDI. ACM, 633–647. https://doi.org/10.1145/3062341.3062343 Google ScholarDigital Library
Wonyeol Lee and Sungwoo Park. 2014. A proof system for separation logic with magic wand. In POPL. ACM, 477–490. https://doi.org/10.1145/2535838.2535871 Google ScholarDigital Library
Xavier Leroy, Andrew Appel, Sandrine Blazy, and Gordon Stewart. 2012. The CompCert memory model, version 2. Inria. https://hal.inria.fr/hal-00703441Google Scholar
Xavier Leroy and Sandrine Blazy. 2008. Formal verification of a C-like memory model and its uses for verifying program transformations. J. Autom. Reason., 41, 1 (2008), 1–31. https://doi.org/10.1007/s10817-008-9099-0 Google ScholarDigital Library
Jacob R. Lorch, Yixuan Chen, Manos Kapritsos, Bryan Parno, Shaz Qadeer, Upamanyu Sharma, James R. Wilcox, and Xueyuan Zhao. 2020. Armada: Low-effort verification of high-performance concurrent programs. In PLDI. ACM, 197–210. https://doi.org/10.1145/3385412.3385971 Google ScholarDigital Library
Gregory Malecha, Adam Chlipala, and Thomas Braibant. 2014. Compositional computational reflection. In ITP (LNCS, Vol. 8558). Springer, 374–389. https://doi.org/10.1007/978-3-319-08970-6_24 Google ScholarCross Ref
William Mansky, Andrew W. Appel, and Aleksey Nogin. 2017. A verified messaging system. Proc. ACM Program. Lang., 1, OOPSLA (2017), 87:1–87:28. https://doi.org/10.1145/3133911 Google ScholarDigital Library
Kayvan Memarian, Victor B. F. Gomes, Brooks Davis, Stephen Kell, Alexander Richardson, Robert N. M. Watson, and Peter Sewell. 2019. Exploring C semantics and pointer provenance. Proc. ACM Program. Lang., 3, POPL (2019), 67:1–67:32. https://doi.org/10.1145/3290380 Google ScholarDigital Library
Kayvan Memarian, Justus Matthiesen, James Lingard, Kyndylan Nienhuis, David Chisnall, Robert N. M. Watson, and Peter Sewell. 2016. Into the depths of C: elaborating the de facto standards. In PLDI. ACM, 1–15. https://doi.org/10.1145/2908080.2908081 Google ScholarDigital Library
Magnus Oskar Myreen. 2009. Formal verification of machine-code programs. Ph.D. Dissertation. University of Cambridge, UK. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.611450Google Scholar
George C. Necula, Scott McPeak, and Westley Weimer. 2002. CCured: Type-safe retrofitting of legacy code. In POPL. ACM, 128–139. https://doi.org/10.1145/503272.503286 Google ScholarDigital Library
Ruzica Piskac, Thomas Wies, and Damien Zufferey. 2014. Automating separation logic with trees and data. In CAV (LNCS, Vol. 8559). Springer, 711–728. https://doi.org/10.1007/978-3-319-08867-9_47 Google ScholarDigital Library
François Pottier and Jonathan Protzenko. 2013. Programming with permissions in Mezzo. In ICFP. ACM, 173–184. https://doi.org/10.1145/2500365.2500598 Google ScholarDigital Library
Jonathan Protzenko, Jean Karim Zinzindohoué, Aseem Rastogi, Tahina Ramananandro, Peng Wang, Santiago Zanella Béguelin, Antoine Delignat-Lavaud, Catalin Hritcu, Karthikeyan Bhargavan, Cédric Fournet, and Nikhil Swamy. 2017. Verified low-level programming embedded in F*. Proc. ACM Program. Lang., 1, ICFP (2017), 17:1–17:29. https://doi.org/10.1145/3110261 Google ScholarDigital Library
Andrew Reynolds, Radu Iosif, Cristina Serban, and Tim King. 2016. A decision procedure for separation logic in SMT. In ATVA (LNCS, Vol. 9938). 244–261. https://doi.org/10.1007/978-3-319-46520-3_16 Google ScholarCross Ref
Patrick Maxim Rondon, Ming Kawaguchi, and Ranjit Jhala. 2008. Liquid types. In PLDI. ACM, 159–169. https://doi.org/10.1145/1375581.1375602 Google ScholarDigital Library
Patrick Maxim Rondon, Ming Kawaguchi, and Ranjit Jhala. 2010. Low-level liquid types. In POPL. ACM, 131–144. https://doi.org/10.1145/1706299.1706316 Google ScholarDigital Library
Grigore Rosu, Chucky Ellison, and Wolfram Schulte. 2010. Matching logic: An alternative to Hoare/Floyd logic. In AMAST (LNCS, Vol. 6486). Springer, 142–162. https://doi.org/10.1007/978-3-642-17796-5_9 Google ScholarCross Ref
Grigore Rosu and Traian-Florin Serbanuta. 2010. An overview of the K semantic framework. J. Log. Algebraic Methods Program., 79, 6 (2010), 397–434. https://doi.org/10.1016/j.jlap.2010.03.012 Google ScholarCross Ref
Grigore Rosu and Andrei Stefanescu. 2012. Checking reachability using matching logic. In OOPSLA. ACM, 555–574. https://doi.org/10.1145/2384616.2384656 Google ScholarDigital Library
Michael Sammler, Rodolphe Lepigre, Robbert Krebbers, Kayvan Memarian, Derek Dreyer, and Deepak Garg. 2021. RefinedC: Automating the foundational verification of C code with refined ownership types (Artifact and Appendix). https://doi.org/10.5281/zenodo.4646747 Project webpage: Google ScholarCross Ref
Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2015. Mechanized verification of fine-grained concurrent programs. In PLDI. ACM, 77–87. https://doi.org/10.1145/2737924.2737964 Google ScholarDigital Library
Thomas Arthur Leck Sewell, Magnus O. Myreen, and Gerwin Klein. 2013. Translation validation for a verified OS kernel. In PLDI. ACM, 471–482. https://doi.org/10.1145/2491956.2462183 Google ScholarDigital Library
Zhong Shao, Valery Trifonov, Bratin Saha, and Nikolaos Papaspyrou. 2005. A type system for certified binaries. ACM Trans. Program. Lang. Syst., 27, 1 (2005), 1–45. https://doi.org/10.1145/1053468.1053469 Google ScholarDigital Library
Frederick Smith, David Walker, and J. Gregory Morrisett. 2000. Alias types. In ESOP (LNCS, Vol. 1782). Springer, 366–381. https://doi.org/10.1007/3-540-46425-5_24 Google ScholarCross Ref
Matthieu Sozeau and Nicolas Oury. 2008. First-class type classes. In TPHOLs (LNCS, Vol. 5170). Springer, 278–293. https://doi.org/10.1007/978-3-540-71067-7_23 Google ScholarDigital Library
Simon Spies, Lennard Gäher, Daniel Gratzer, Joseph Tassarotti, Robbert Krebbers, Derek Dreyer, and Lars Birkedal. 2021. Transfinite Iris: Resolving an existential dilemma of step-indexed separation logic. In PLDI. ACM. https://doi.org/10.1145/3453483.3454031Google Scholar
Andrei Stefanescu. 2014. MatchC: A matching logic reachability verifier using the K framework. Electron. Notes Theor. Comput. Sci., 304 (2014), 183–198. https://doi.org/10.1016/j.entcs.2014.05.010 Google ScholarCross Ref
Kasper Svendsen and Lars Birkedal. 2014. Impredicative concurrent abstract predicates. In ESOP (LNCS, Vol. 8410). Springer, 149–168. https://doi.org/10.1007/978-3-642-54833-8_9 Google ScholarDigital Library
Nikhil Swamy, Juan Chen, Cédric Fournet, Pierre-Yves Strub, Karthikeyan Bhargavan, and Jean Yang. 2011. Secure distributed programming with value-dependent types. In ICFP. ACM, 266–278. https://doi.org/10.1145/2034773.2034811 Google ScholarDigital Library
Nikhil Swamy, Michael W. Hicks, Greg Morrisett, Dan Grossman, and Trevor Jim. 2006. Safe manual memory management in Cyclone. Sci. Comput. Program., 62, 2 (2006), 122–144. https://doi.org/10.1016/j.scico.2006.02.003 Google ScholarDigital Library
Quang-Trung Ta, Ton Chanh Le, Siau-Cheng Khoo, and Wei-Ngan Chin. 2018. Automated lemma synthesis in symbolic-heap separation logic. Proc. ACM Program. Lang., 2, POPL (2018), 9:1–9:29. https://doi.org/10.1145/3158097 Google ScholarDigital Library
The Bedrock Team. 2015. Verification of a singly linked list. https://github.com/mit-plv/bedrock/blob/e3ff3c2cba9976ac4351caaabb4bf/Bedrock/Examples/SinglyLinkedList.vGoogle Scholar
The Coq-std++ Team. 2020. An extended “standard library” for Coq. https://gitlab.mpi-sws.org/iris/stdppGoogle Scholar
The Rust Team. 2020. The Rust programming language. https://rust-lang.orgGoogle Scholar
The Tokei Team. 2020. Tokei. https://github.com/XAMPPRocky/tokeiGoogle Scholar
The VCC Team. 2016. Verification of a singly linked list. https://github.com/microsoft/vcc/blob/47f3f33d459f5fd9233203ec3d5d2fc803/vcc/Docs/Tutorial/c/7.2.list.cGoogle Scholar
The Verifast Team. 2019. Verification of a binary search tree. https://github.com/verifast/verifast/blob/8bc966726de829749eaf916ec3863bf294/examples/sorted_bintree.cGoogle Scholar
The VST Team. 2020. Verification of Binary Search Tree. https://github.com/PrincetonUniversity/VST/blob/14e6b3a79a9685a478786436c6f0a45dc44c3d52/progs/verif_bst.vGoogle Scholar
John Toman, Ren Siqi, Kohei Suenaga, Atsushi Igarashi, and Naoki Kobayashi. 2020. ConSORT: Context- and flow-sensitive ownership refinement types for imperative programs. In ESOP (LNCS, Vol. 12075). Springer, 684–714. https://doi.org/10.1007/978-3-030-44914-8_25 Google ScholarDigital Library
Frédéric Vogels, Bart Jacobs, and Frank Piessens. 2015. Featherweight VeriFast. Log. Methods Comput. Sci., 11, 3 (2015), https://doi.org/10.2168/LMCS-11(3:19)2015 Google ScholarCross Ref
Frédéric Vogels, Bart Jacobs, Frank Piessens, and Jan Smans. 2011. Annotation inference for separation logic based verifiers. In FMOODS/FORTE (LNCS, Vol. 6722). Springer, 319–333. https://doi.org/10.1007/978-3-642-21461-5_21 Google ScholarCross Ref
David Walker and J. Gregory Morrisett. 2000. Alias types for recursive data structures. In TIC (LNCS, Vol. 2071). Springer, 177–206. https://doi.org/10.1007/3-540-45332-6_7 Google ScholarCross Ref
Qinshi Wang and Qinxiang Cao. 2019. VST-A: A foundationally sound annotation verifier. CoRR, abs/1909.00097 (2019), arxiv:1909.00097Google Scholar
Xi Wang, Haogang Chen, Alvin Cheung, Zhihao Jia, Nickolai Zeldovich, and M. Frans Kaashoek. 2012. Undefined behavior: What happened to my code? In APSys. ACM, 9. https://doi.org/10.1145/2349896.2349905 Google ScholarDigital Library
Simon Winwood, Gerwin Klein, Thomas Sewell, June Andronick, David Cock, and Michael Norrish. 2009. Mind the gap. In TPHOLs (LNCS, Vol. 5674). Springer, 500–515. https://doi.org/10.1007/978-3-642-03359-9_34 Google ScholarDigital Library
Hongwei Xi. 2007. Dependent ML: An approach to practical programming with dependent types. J. Funct. Program., 17, 2 (2007), 215–286. https://doi.org/10.1017/S0956796806006216 Google ScholarDigital Library
Hongseok Yang, Oukseh Lee, Josh Berdine, Cristiano Calcagno, Byron Cook, Dino Distefano, and Peter W. O’Hearn. 2008. Scalable shape analysis for systems code. In CAV (LNCS, Vol. 5123). Springer, 385–398. https://doi.org/10.1007/978-3-540-70545-1_36 Google ScholarDigital Library
Jean Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, and Benjamin Beurdouche. 2017. HACL*: A verified modern cryptographic library. In CCS. ACM, 1789–1806. https://doi.org/10.1145/3133956.3134043 Google ScholarDigital Library

Index Terms

RefinedC: automating the foundational verification of C code with refined ownership types
1. Theory of computation
  1. Logic

Recommendations

Beyond Backtracking: Connections in Fine-Grained Concurrent Separation Logic

Concurrent separation logic has been responsible for major advances in the formal verification of fine-grained concurrent algorithms and data structures such as locks, barriers, queues, and reference counters. The key ingredient of the verification of ...
Read More
Proof Automation for Linearizability in Separation Logic

Recent advances in concurrent separation logic enabled the formal verification of increasingly sophisticated fine-grained (i.e., lock-free) concurrent programs. For such programs, the golden standard of correctness is linearizability, which expresses ...
Read More
Practical Proof Search for Coq by Type Inhabitation
Automated Reasoning
Abstract
We present a practical proof search procedure for Coq based on a direct search for type inhabitants in an appropriate normal form. The procedure is more general than any of the automation tactics natively available in Coq. It aims to handle as ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation
June 2021
1341 pages
ISBN:9781450383912
DOI:10.1145/3453483
General Chair:
Stephen N. Freund
Williams College, USA
,
Program Chair:
Eran Yahav
Technion, Israel
Copyright © 2021 Owner/Author
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 18 June 2021
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
Author Tags
C programming language
Coq
Iris
ownership types
proof automation
refinement types
separation logic
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate406of2,067submissions,20%
Upcoming Conference
PLDI '24

Sponsor:

sigplan

ACM SIGPLAN Conference on Programming Language Design and Implementation

June 24 - 28, 2024

Copenhagen , Denmark
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 35
  Total Citations
  View Citations
- 1,256
  Total Downloads
- Downloads (Last 12 months)464
- Downloads (Last 6 weeks)46
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

RefinedC: automating the foundational verification of C code with refined ownership types

PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

ABSTRACT

References

Cited By

Index Terms

Recommendations

Beyond Backtracking: Connections in Fine-Grained Concurrent Separation Logic

Proof Automation for Linearizability in Separation Logic

Practical Proof Search for Coq by Type Inhabitation