c t i v it y e p o r t 2009 Table of contents

This paper investigates undefined behavior in C and offers a few simple techniques for operationally specifying such behavior formally. A semantics-based undefinedness checker for C is developed using these techniques, as well as a test suite of undefined programs. The tool is evaluated against other popular analysis tools, using the new test suite in addition to a third-party test suite. The semantics-based tool performs at least as well or better than the other tools tested. 1.

In this paper, we consider the semantic design and verified compilation of a C-like programming language for concurrent shared-memory computation above x86 multiprocessors. The design of such a language is made surprisingly subtle by several factors: the relaxed-memory behaviour of the hardware, the effects of compiler optimisation on concurrent code, the need to support high-performance concurrent algorithms, and the desire for a reasonably simple programming model. In turn, this complexity makes verified (or verifying) compilation both essential and challenging. In this paper we describe ClightTSO, a concurrent extension of CompCert’s Clight in which the TSObased memory model of x86 multprocessors is exposed for high-performance code, and CompCertTSO, a verifying compiler from ClightTSO to x86 assembly code, building on CompCert. CompCertTSO is verified inCoq:foranywell-behavedandsuccessfullycompiledClightTSOsourceprogram,anypermittedobservable behaviour of the generated assembly code (if it does not run out of memory) is also possible in the source

2 Scientific context 175 2.1 Keywords.......................................... 175 2.2 Context and overall goal of the project.......................... 175