Results 11  20
of
25
Semantic foundations for typed assembly languages
 Prog. Languages and Systems (TOPLAS
, 2008
"... Typed Assembly Languages (TALs) are used to validate the safety of machinelanguage programs. The Foundational ProofCarrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms—the axioms of a suitably expressive logic plus a specification of machine semanti ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
Typed Assembly Languages (TALs) are used to validate the safety of machinelanguage programs. The Foundational ProofCarrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms—the axioms of a suitably expressive logic plus a specification of machine semantics. This paper proposes general semantic foundations that permit modular proofs of the soundness of TALs. These semantic foundations include Typed Machine Language (TML), a type theory for specifying properties of lowlevel data with powerful and orthogonal type constructors, and Lc, a compositional logic for specifying properties of machine instructions with simplified reasoning about unstructured control flow. Both of these components, whose semantics we specify using higherorder logic, are useful for proving the soundness of TALs. We demonstrate this by using TML and Lc to verify the soundness of a lowlevel, typed assembly language, LTAL, which is the target of our coreMLtosparc compiler. To prove the soundness of the TML type system we have successfully applied a new approach, that of stepindexed logical relations. This approach provides the first semantic model for a type system with updatable references to values of impredicative quantified types. Both impredicative polymorphism and mutable references are essential when representing function closures in compilers with typed closure conversion, or when compiling objects to simpler typed primitives.
A Metalogical Approach to Foundational Certified Code
, 2003
"... Foundational certified code systems seek to prove untrusted programs to be safe relative to safety policies given in terms of actual machine architectures. Previous e#orts have employed a structure wherein the proofs are expressed in the same logic used to express the safety policy. We propose an al ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Foundational certified code systems seek to prove untrusted programs to be safe relative to safety policies given in terms of actual machine architectures. Previous e#orts have employed a structure wherein the proofs are expressed in the same logic used to express the safety policy. We propose an alternative structure wherein safety proofs are expressed in the Twelf metalogic, thereby eliminating from those proofs an extra layer of encoding needed in the previous accounts. Using this metalogical approach, we have constructed a complete and foundational account of safety for a fully expressive typed assembly language.
A costeffective foundational certified code system
, 2005
"... Certified code systems enable untrusted programs to be proven safe to execute in a machine–checkable manner. Recent work has focused on building foundational certified code systems, where safety is defined relative to a concrete machine architecture. We wish to build a cost–effective system, with pr ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Certified code systems enable untrusted programs to be proven safe to execute in a machine–checkable manner. Recent work has focused on building foundational certified code systems, where safety is defined relative to a concrete machine architecture. We wish to build a cost–effective system, with practicality along two dimensions — the intellectual effort to engineer the proofs, and the resource usage by the machine in verifying these proofs. Thus, we factor the proof that a particular program is safe to execute into two parts, a generic part and a program–specific part. These parts are linked by a mediating logic, typically a type system, which we call the safety condition. Consequently, we must prove that all programs that satisfy this condition are safe to execute, and then, we prove that the particular program satisfies this safety condition. Moreover, each of these proofs must be done in a cost–effective manner. In previous work, we have described a machine–checkable proof for the first part, based on defining an operational semantics in LF and using the Twelf metalogic. For the second part, experience has shown that proof terms for a reasonable logic, or type system, are too big to generate, send across the network, and check. We wish to check adherence to the safety condition by an untrusted functional program. It remains to prove (in a machine–checkable manner) that the program implements the logic specified in a LF signature. We propose to accomplish this by static typechecking. We have designed an expressive type system using dependent refinements for this purpose. 1
Interfacing Compilers, Proof Checkers, and Proofs for Foundational ProofCarrying Code
, 2005
"... ProofCarrying Code (PCC) is a general framework for the mechanical verification of safety properties of machinelanguage programs. It allows a code producer to provide an executable program to a code consumer, along with a machinecheckable proof of safety such that the code consumer can check the ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
ProofCarrying Code (PCC) is a general framework for the mechanical verification of safety properties of machinelanguage programs. It allows a code producer to provide an executable program to a code consumer, along with a machinecheckable proof of safety such that the code consumer can check the proof before running the program. PCC has the advantage of small Trusted Computing Base (TCB), since the proof checking can be a simple mechanical procedure. A weakness of previous PCC systems is that the proofchecking infrastructure is based on some complicated logic or type system that is not necessarily sound.
A Dependently Typed Programming Language, with applications to Foundational Certified Code Systems
, 2009
"... Certified code systems enable trust to be generated in untrusted pieces of code. This is done by requiring that a machine–verifiable certificate be packaged with code, which can then be proved safe independently. Safety is defined with respect to a defined safety policy. Recent work has focused on “ ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Certified code systems enable trust to be generated in untrusted pieces of code. This is done by requiring that a machine–verifiable certificate be packaged with code, which can then be proved safe independently. Safety is defined with respect to a defined safety policy. Recent work has focused on “foundational certified code systems”, which define the safety policy as execution on a concrete machine architecture. This makes the safety guarantees of the system more concrete relative to previous systems. There are two advantages. One, we gain in flexibility since the proof producers can use different assumptions and techniques. Two, the parts of the system that must be trusted become substantially simpler. This work describes our design of a practical foundational certified code system. Foundational systems have new proof obligations, for which we need different proof techniques and verification environments. In common with other such systems, we use an intermediate formal system such as a type system to isolate a group of programs. There are then two proof obligations. A program– specific proof verifies that the program belongs to the group so defined. This is the type checking problem. A generic safety proof says that all programs belonging to the group is safe to execute on the concrete machine. For a type system this is the type safety property.
Typesafe Computation with Heterogeneous Data
, 2007
"... Computation with largescale heterogeneous data typically requires universal traversal to search forall occurrences of a substructure that matches a possibly complex search pattern, whose context may be different in different places within the data. Both aspects cause difficulty for existing general ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
Computation with largescale heterogeneous data typically requires universal traversal to search forall occurrences of a substructure that matches a possibly complex search pattern, whose context may be different in different places within the data. Both aspects cause difficulty for existing generalpurpose programming languages, because these languages are designed for homogeneous data and have problems typing the different substructures in heterogeneous data, and the complex patterns to match with the substructures. Programmers either have to hardcode the structures and search patterns, preventing programs from being reusable and scalable, or have to use lowlevel untyped programming or programming with specialpurpose query languages, opening the door to type mismatches that cause a high risk of program correctness and security problems. This thesis invents the concept of pattern structures, and proposes a general solution to the above problems  a programming technique using pattern structures. In this solution, welltyped pattern structures are defined to represent complex search patterns, and pattern searching over heterogeneous data is programmed with pattern parameters, in a staticallytyped language that supports firstclass typing of structures and patterns. The resulting programs are staticallytyped, highly reusable for different data structures and different patterns, and highly scalable in terms of the complexity of data structures and patterns. Adding new kinds of patterns for an application no longer requires changing the language in use or creating new ones, but is only a programming task. The thesis demonstrates the application of this approach to, and its advantages in, two important examples of computation with heterogeneous data, i.e., XML data processing and Java bytecode analysis.
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks Abstract
"... We present a comparison of semantic and syntactic proof methods for reasoning about typed assembly languages in Coq. We make available our complete Coq developments for a simple and easily understood benchmark system presenting both styles of soundness proof to the same interface. The syntactic proo ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
We present a comparison of semantic and syntactic proof methods for reasoning about typed assembly languages in Coq. We make available our complete Coq developments for a simple and easily understood benchmark system presenting both styles of soundness proof to the same interface. The syntactic proof is standard subject reduction; the semantic proof uses Gödal Löb modal logic, shallowly embedded in Coq. The proof style of the modal logic is flexible and facilitates experimental modifications to the underlying machine. As an example of this flexibility, we discuss how to add fault tolerance to the list machine. In addition, we discus how the the choice of proof methodology affects the trusted computing base of a typed assembly language system.
Foundational Certified Code in the Twelf Metalogical Framework
"... Foundational certified code systems seek to prove untrusted programs to be safe relative to safety policies given in terms of actual machine architectures, thereby improving the systems ’ flexibility and extensibility. Using the Twelf metalogical framework, we have constructed a safety policy for th ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Foundational certified code systems seek to prove untrusted programs to be safe relative to safety policies given in terms of actual machine architectures, thereby improving the systems ’ flexibility and extensibility. Using the Twelf metalogical framework, we have constructed a safety policy for the IA32 architecture with a trusted runtime library. The safety policy is based on a formalized operational semantics. We have also developed a complete, foundational proof that a fully expressive typed assembly language satisfies that safety policy.
An Indexed Model of Impredicative Polymorphism and Mutable References
, 2003
"... We present a semantic model of the polymorphic lambda calculus augmented with a higherorder store, allowing the storage of values of any type, including impredicative quantified types, mutable references, recursive types, and functions. Our model provides the first denotational semantics for a type ..."
Abstract
 Add to MetaCart
We present a semantic model of the polymorphic lambda calculus augmented with a higherorder store, allowing the storage of values of any type, including impredicative quantified types, mutable references, recursive types, and functions. Our model provides the first denotational semantics for a type system with updatable references to values of impredicative quantified types. The central idea behind our semantics is that instead of tracking the exact type of a mutable reference in a possible world our model keeps track of the approximate type. While highlevel languages like ML and Java do not themselves support storage of impredicative existential packages in mutable cells, this feature is essential when representing ML function closures, that is, in a target language for typed closure conversion of ML programs. 1
Foundational Certified Code in a Metalogical
 In Nineteenth International Conference on Automated Deduction
, 2005
"... Stage: a type safety proof for TALT relative to an abstract machine, using the usual tools of progress and type preservation. ..."
Abstract
 Add to MetaCart
Stage: a type safety proof for TALT relative to an abstract machine, using the usual tools of progress and type preservation.