Skip to content

Latest commit

 

History

History
148 lines (112 loc) · 5.85 KB

README.md

File metadata and controls

148 lines (112 loc) · 5.85 KB

The StrictC translation tool

The StrictC translation tool, also called the Isabelle C parser, translates a large subset of C99 code into the imperative language Simpl embedded in the theorem prover Isabelle/HOL. The Simpl language provides a verified verification condition generator and further tools for software verification. The tool is aimed at Isabelle/HOL experts with knowledge in program verification, reasoning in Isabelle/HOL, Hoare logic, and C semantics.

The semantics the parser produces contains a C memory model that can be used to reason about the behaviour of low-level C programs. The memory model admits more behaviours than the C standard -- in particular, it does not require that memory be allocated via alloc, because this library function does typically not yet exist in low-level code such as OS kernel implementation.

To install, we recommend using one of the releases provided below and see the file INSTALL in the src/c-parser directory. You will need Isabelle and the MLton compiler for Standard ML.

To use:

  1. Use the Isabelle session heap CParser that is created by installation
  2. Import the theory CTranslation
  3. Load ('install') C files into your theories with the Isar command install_C_file.

The AutoCorres tool can abstract and simplify most Simpl C code generated by the parser and is aimed at easing C verification. See the AutoCorres web page for more information.

Documentation

The releases contain the file docs/ctranslation.pdf which provides more information about the options and C language semantics that this tool provides.

See also the examples in the testfiles directory. For example, breakcontinue.thy is a fairly involved demonstration of doing things the hard way.

The following academic publications describe the C parser, C subset, and memory model:

Supported C Subset

The C parser supports a large subset of C99. The following C features are not supported:

  • taking the address of local variables
  • floating point types
  • side effects in expressions, pre-increment and pre-decrement operators
  • goto
  • switch fall-through cases
  • variadic argument lists (...)
  • static local variables
  • limited support for function pointers

Releases

Current release:

Older releases:

License

The StrictC translation tool itself is available under the BSD 2-Clause license. It builds on the following open source projects by others.

  1. Norbert Schirmer's Simpl language and associated VCG tool.

    Sources for this are found in the Simpl/ directory. The code is covered by the LGPL licence.

    See https://isa-afp.org/entries/Simpl.html

  2. Code from SML/NJ:

    • an implementation of binary sets (Binaryset.ML)
    • the mllex and mlyacc tools (tools/{mllex,mlyacc})
    • command-line option parsing (standalone-parser/GetOpt)

    This code is covered by SML/NJ's BSD-ish licence.

    See http://www.smlnj.org

  3. Code from the mlton compiler:

    • regions during lexing and parsing (Region.ML, SourceFile.ML and SourcePos.ML)

    This code is governed by a BSD licence.

    See http://mlton.org