Formalising C and C++ for Use in High Integrity Systems

  • C M O’Halloran
  • C H Pygott


The UK MoD has long advocated mathematically formal verification of software for safety-critical applications. In the past this effort has focused on the SPARK Ada subset, but it is becoming increasingly difficult to find suppliers willing or able to deliver Ada programs. Instead, there is pressure to use more commercially attractive languages, such as C and C++. Maintaining the high levels of confidence necessary for critical applications therefore means being able to reason formally about these ‘new’ languages.

This paper covers two related programmes that are developing formal semantics for restricted subsets of C and C++ respectively. It will also consider how the formal semantics will be exploited in a verification environment.






Copyright information

© Springer-Verlag London Limited 2007

Authors and Affiliations

  • C M O’Halloran, QTIM, QinetiQ, Malvern, UK
  • C H Pygott, QTIM, QinetiQ, Malvern, UK
