Journal of Automated Reasoning

, Volume 43, Issue 3, pp 263–288 | Cite as

Mechanized Semantics for the Clight Subset of the C Language

  • Sandrine Blazy
  • Xavier LeroyEmail author


This article presents the formal semantics of a large subset of the C language called Clight. Clight includes pointer arithmetic, struct and union types, C loops and structured switch statements. Clight is the source language of the CompCert verified compiler. The formal semantics of Clight is a big-step operational semantics that observes both terminating and diverging executions and produces traces of input/output events. The formal semantics of Clight is mechanized using the Coq proof assistant. In addition to the semantics of Clight, this article describes its integration in the CompCert verified compiler and several ways by which the semantics was validated.


The C programming language Operational semantics  Mechanized semantics Formal proof The Coq proof assistant 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aiken, A., Bugrara, S., Dillig, I., Dillig, T., Hackett, B., Hawkins, P.: An overview of the Saturn project. In: PASTE ’07: Proceedings of the 7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, pp. 43–48. ACM, New York (2007)CrossRefGoogle Scholar
  2. 2.
    Appel, A.W., Blazy, S.: Separation logic for small-step Cminor. In: Theorem Proving in Higher Order Logics, 20th Int. Conf. TPHOLs 2007. Lecture Notes in Computer Science, vol. 4732, pp. 5–21. Springer, New York (2007)CrossRefGoogle Scholar
  3. 3.
    Appel, A.W., Leroy, X.: A list-machine benchmark for mechanized metatheory (extended abstract). In: Proc. Int. Workshop on Logical Frameworks and Meta-Languages (LFMTP’06). Electronic Notes in Computer Science, vol. 174/5, pp. 95–108 (2007)Google Scholar
  4. 4.
    Bertot, Y., Castéran, P.: Interactive Theorem Proving and Program Development – Coq’Art: the Calculus of Inductive Constructions. EATCS Texts in Theoretical Computer Science. Springer, New York (2004)zbMATHGoogle Scholar
  5. 5.
    Bishop, S., Fairbairn, M., Norrish, M., Sewell, P., Smith, M., Wansbrough, K.: Engineering with logic: HOL specification and symbolic-evaluation testing for TCP implementations. In: 33rd Symposium on Principles of Programming Languages, pp. 55–66. ACM, New York (2006)Google Scholar
  6. 6.
    Blazy, S., Dargaye, Z., Leroy, X.: Formal verification of a C compiler front-end. In: FM 2006: 14th Int. Symp. on Formal Methods. Lecture Notes in Computer Science, vol. 4085, pp. 460–475. Springer, New York (2006)CrossRefGoogle Scholar
  7. 7.
    Börger, E., Fruja, N., Gervasi, V., Stärk, R.F.: A high-level modular definition of the semantics of C#. Theor. Comp. Sci. 336(2–3), 235–284 (2005)zbMATHCrossRefGoogle Scholar
  8. 8.
    CEA LIST: FRAMA-C: framework for modular analysis of C. Software and documentation available on the web. (2008)
  9. 9.
    Condit, J., Harren, M., McPeak, S., Necula, G.C., Weimer, W.: CCured in the real world. In: PLDI ’03: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pp. 232–244. ACM, New York (2003)CrossRefGoogle Scholar
  10. 10.
    Coq Development Team: The Coq proof assistant. (1989–2009)
  11. 11.
    Delahaye, D., Dubois, C., Étienne, J.F.: Extracting purely functional contents from logical inductive types. In: Theorem Proving in Higher Order Logics, 20th International Conference, TPHOLs 2007. Lecture Notes in Computer Science, vol. 4732, pp. 70–85. Springer, New York (2007)CrossRefGoogle Scholar
  12. 12.
    Duff, T.: On Duff’s device. Message to the comp.lang.c Usenet Group (1988)
  13. 13.
    Filliâtre, J.C., Marché, C.: Multi-prover verification of C programs. In: 6th Int. Conference on Formal Engineering Methods, ICFEM 2004. Lecture Notes in Computer Science, vol. 3308, pp. 15–29 (2004)Google Scholar
  14. 14.
    Gimenez, E., Ledinot, E.: Semantics of a subset of the C language. Coq contributed library. (2004)
  15. 15.
    Grégoire, B., Leroy, X.: A compiled implementation of strong reduction. In: International Conference on Functional Programming (ICFP 2002), pp. 235–246. ACM, New York (2002)CrossRefGoogle Scholar
  16. 16.
    Gurevich, Y., Huggins, J.: The semantics of the C programming language. In: Computer Science Logic, 6th Workshop, CSL ’92. Lecture Notes in Computer Science, vol. 702, pp. 274–308. Springer, New York (1993)Google Scholar
  17. 17.
    Hardekopf, B., Lin, C.: The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code. SIGPLAN Not. 42(6), 290–299 (2007)CrossRefGoogle Scholar
  18. 18.
    Hartel, P.H., Moreau, L.: Formalizing the safety of Java, the Java virtual machine, and Java card. ACM Comput. Surv. 33(4), 517–558 (2001)CrossRefGoogle Scholar
  19. 19.
    Hatton, L.: Safer language subsets: an overview and a case history, MISRA C. Inf. Soft. Technol. 46(7), 465–472 (2004)CrossRefGoogle Scholar
  20. 20.
    Hoare, T., O’Hearn, P.W.: Separation logic semantics for communicating processes. In: Proceedings of the First International Conference on Foundations of Informatics, Computing and Software (FICS 2008). Electronic Notes in Computer Science, vol. 212, pp. 3–25 (2008)Google Scholar
  21. 21.
    Huisman, M., Jacobs, B.: Java program verification via a Hoare logic with abrupt termination. In: Fundamental Approaches to Software Engineering, 3rd Int. Conf. FASE 2000. Lecture Notes in Computer Science, vol. 1783, pp. 284–303. Springer, New York (2000)CrossRefGoogle Scholar
  22. 22.
    Hymans, C., Levillain, O.: Newspeak, doubleplussimple minilang for goodthinkful static analysis of C. Technical Note 2008-IW-SE-00010-1, EADS (2008)Google Scholar
  23. 23.
    van Inwegen, M., Gunter, E.L.: HOL-ML. In: Higher Order Logic Theorem Proving and its Applications, 6th International Workshop, HUG ’93. Lecture Notes in Computer Science, vol. 780, pp. 61–74. Springer, New York (1993)Google Scholar
  24. 24.
    Klein, G., Nipkow, T.: A machine-checked model for a Java-like language, virtual machine, and compiler. ACM Trans. Program. Lang. Syst. 28(4), 619–695 (2006)CrossRefGoogle Scholar
  25. 25.
    Lee, D.K., Crary, K., Harper, R.: Towards a mechanized metatheory of Standard ML. In: 34th Symposium on Principles of Programming Languages, pp. 173–184. ACM, New York (2007)Google Scholar
  26. 26.
    Leinenbach, D., Paul, W., Petrova, E.: Towards the formal verification of a C0 compiler: code generation and implementation correctness. In: IEEE Conference on Software Engineering and Formal Methods (SEFM’05), pp. 2–11. IEEE Computer Society, Silver Spring (2005)CrossRefGoogle Scholar
  27. 27.
    Leroy, X.: Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. In: 33rd ACM symposium on Principles of Programming Languages, pp. 42–54. ACM, New York (2006)Google Scholar
  28. 28.
    Leroy, X.: A formally verified compiler backend. arXiv:0902.2137 [cs] (2008)
  29. 29.
    Leroy, X., Blazy, S.: Formal verification of a C-like memory model and its uses for verifying program transformations. J. Autom. Reason. 41(1), 1–31 (2008)zbMATHCrossRefMathSciNetGoogle Scholar
  30. 30.
    Leroy, X., Grall, H.: Coinductive big-step operational semantics. Inf. Comput. 207(2), 284–304 (2009). doi: 10.1016/j.ic.2007.12.004 CrossRefMathSciNetGoogle Scholar
  31. 31.
    Milner, R., Tofte, M., Harper, R., MacQueen, D.: The Definition of Standard ML (Revised). MIT, Cambridge (1997)Google Scholar
  32. 32.
    Motor Industry Software Reliability Association: MISRA-C. (2004)
  33. 33.
    Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: Intermediate language and tools for analysis and transformation of C programs. In: Compiler Construction, 11th International Conference, CC 2002. Lecture Notes in Computer Science, vol. 2304, pp. 213–228. Springer, New York (2002)Google Scholar
  34. 34.
    Nepomniaschy, V.A., Anureev, I.S., Promsky, A.V.: Towards verification of C programs: axiomatic semantics of the C-kernel language. Program. Comput. Softw. 29(6), 338–350 (2003)zbMATHCrossRefGoogle Scholar
  35. 35.
    Nipkow, T., Paulson, L.C.: Isabelle/Hol: a Proof Assistant for Higher-Order Logic. Springer, New York (2004)Google Scholar
  36. 36.
    Norrish, M.: C formalised in HOL. Ph.D. thesis, University of Cambridge. Technical Report UCAM-CL-TR-453 (1998)Google Scholar
  37. 37.
    Norrish, M.: Deterministic expressions in C. In: Programming Languages and Systems, 8th European Symposium on Programming, ESOP’99. Lecture Notes in Computer Science, vol. 1576, pp. 147–161. Springer, New York (1999)CrossRefGoogle Scholar
  38. 38.
    Owens, S.: A sound semantics for OCamllight. In: Programming Languages and Systems, 17th European Symposium on Programming, ESOP 2008. Lecture Notes in Computer Science, vol. 4960, pp. 1–15. Springer, New York (2008)Google Scholar
  39. 39.
    Papaspyrou, N.: A formal semantics for the C programming language. Ph.D. thesis, National Technical University of Athens (1998)Google Scholar
  40. 40.
    Paul, W., et al.: The Verisoft project. (2003–2008)
  41. 41.
    Schirmer, N.: Verification of sequential imperative programs in Isabelle/HOL. Ph.D. thesis, Technische Universität München (2006)Google Scholar
  42. 42.
    Sen, K., Marinov, D., Agha, G.: CUTE: a concolic unit testing engine for C. In: ESEC/FSE-13: Proceedings of the 10th European Software Engineering Conference, pp. 263–272. ACM, New York (2005)Google Scholar
  43. 43.
    Sewell, P., Zappa Nardelli, F., Owens, S., Peskine, G., Ridge, T., Sarkar, S., Strnisa, R.: Ott: effective tool support for the working semanticist. In: Proceedings of the 12th International Conference on Functional Programming, pp. 1–12. ACM, New York (2007)Google Scholar
  44. 44.
    Strecker, M.: Compiler verification for C0. Tech. Rep., Université Paul Sabatier, Toulouse (2005)Google Scholar
  45. 45.
    Tews, H.: Verifying Duff’s device: a simple compositional denotational semantics for goto and computed jumps. Draft Paper (2004)
  46. 46.
    Tews, H., Weber, T., Völp, M.: A formal model of memory peculiarities for the verification of low-level operating-system code. In: Proceedings of the International Workshop on Systems Software Verification (SSV’08). Electronic Notes in Computer Science, vol. 217, pp. 79–96 (2008)Google Scholar
  47. 47.
    Tews, H., Weber, T., Völp, M., Poll, E., van Eekelen, M., van Rossum, P.: Nova micro-hypervisor verification. Robin Project Deliverable D13, Radboud Universiteit Nijmegen. (2008)
  48. 48.
    Zucker, S., Karhi, K.: System V application binary interface, PowerPC processor supplement. Tech. Rep. 802-3334-10, SunSoft (1995)Google Scholar

Copyright information

© Springer Science+Business Media B.V. 2009

Authors and Affiliations

  1. 1.ENSIIEEvry cedexFrance
  2. 2.INRIA Paris-RocquencourtLe ChesnayFrance

Personalised recommendations