Results 1  10
of
40
Formal certification of a compiler backend, or: programming a compiler with a proof assistant
 IN PROC. 33RD ACM SYMPOSIUM ON PRINCIPLES OF PROGRAMMING LANGUAGES (POPL ’06
, 2006
"... This paper reports on the development and formal certification (proof of semantic preservation) of a compiler from Cminor (a Clike imperative language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a certified compile ..."
Abstract

Cited by 226 (14 self)
 Add to MetaCart
This paper reports on the development and formal certification (proof of semantic preservation) of a compiler from Cminor (a Clike imperative language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a certified compiler is useful in the context of formal methods applied to the certification of critical software: the certification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well.
TemporalSafety Proofs for Systems Code
, 2002
"... We present a methodology and tool for verifying and certifying systems code. The veri cation is based on the lazyabstraction paradigm for intertwining the following three logical steps: construct a predicate abstraction from the code, model check the abstraction, and automatically re ne the a ..."
Abstract

Cited by 70 (9 self)
 Add to MetaCart
We present a methodology and tool for verifying and certifying systems code. The veri cation is based on the lazyabstraction paradigm for intertwining the following three logical steps: construct a predicate abstraction from the code, model check the abstraction, and automatically re ne the abstraction based on counterexample analysis. The certi cation is based on the proofcarrying code paradigm. Lazy abstraction enables the automatic construction of small proof certi cates. The methodology is implemented in Blast, the Berkeley Lazy Abstraction Software veri cation Tool. We describe our experience applying Blast to Linux and Windows device drivers. Given the C code for a driver and for a temporalsafety monitor, Blast automatically generates an easily checkable correctness certi cate if the driver satis es the speci cation, and an error trace otherwise.
Semantics of Types for Mutable State
, 2004
"... Proofcarrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For in ..."
Abstract

Cited by 55 (5 self)
 Add to MetaCart
Proofcarrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of lowlevel typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, lowlevel type systems by providing machinecheckable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references — that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higherorder logic. I also show how to construct an indexed possibleworlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a fullfledged lowlevel typed assembly language. Finally, I present a semantic model for a region calculus that supports typeinvariant references as well as memory reuse. iii
AbstractionCarrying Code
 In Proc. of LPAR’04, number 3452 in LNAI
, 2005
"... Abstract. ProofCarrying Code (PCC) is a general approach to mobile code safety in which programs are augmented with a certificate (or proof). The practical uptake of PCC greatly depends on the existence of a variety of enabling technologies which allow both to prove programs correct and to replace ..."
Abstract

Cited by 36 (17 self)
 Add to MetaCart
Abstract. ProofCarrying Code (PCC) is a general approach to mobile code safety in which programs are augmented with a certificate (or proof). The practical uptake of PCC greatly depends on the existence of a variety of enabling technologies which allow both to prove programs correct and to replace a costly verification process by an efficient checking procedure on the consumer side. In this work we propose AbstractionCarrying Code (ACC), a novel approach which uses abstract interpretation as enabling technology. We argue that the large body of applications of abstract interpretation to program verification is amenable to the overall PCC scheme. In particular, we rely on an expressive class of safety policies which can be defined over different abstract domains. We use an abstraction (or abstract model) of the program computed by standard static analyzers as a certificate. The validity of the abstraction on the consumer side is checked in a singlepass by a very efficient and specialized abstractinterpreter. We believe that ACC brings the interpretation techniques to the area of mobile code safety. We have implemented and benchmarked ACC within the Ciao system preprocessor. The experimental results show that the checking phase is indeed faster than the proof generation phase, and that the sizes of certificates are reasonable. 1
Tabled HigherOrder Logic Programming
 In 20th International Conference on Automated Deduction
, 2003
"... Elf is a general metalanguage for the specification and implementation of logical systems in the style of the logical framework LF. Based on a logic programming interpretation, it supports executing logical systems and reasoning with and about them, thereby reducing the effort required for each ..."
Abstract

Cited by 26 (11 self)
 Add to MetaCart
Elf is a general metalanguage for the specification and implementation of logical systems in the style of the logical framework LF. Based on a logic programming interpretation, it supports executing logical systems and reasoning with and about them, thereby reducing the effort required for each particular logical system. The traditional logic programming paradigm is extended by replacing firstorder terms with dependently typed terms and allowing implication and universal quantification in the bodies of clauses. These higherorder features allow us to model concisely and elegantly conditions on variables and the discharge of assumptions which are prevalent in many logical systems. However, many specifications are not executable under the traditional logic programming semantics and performance may be hampered by redundant computation. To address these problems, I propose a tabled higherorder logic programming interpretation for Elf. Some redundant computation is eliminated by memoizing subcomputation and reusing its result later. If we do not distinguish different proofs for a property, then search based on tabled logic programming is complete and terminates for programs with bounded recursion. In this proposal, I present a prooftheoretical characterization for tabled higherorder logic programming. It is the basis of the implemented prototype for tabled logic programming interpreter for Elf. Preliminary experiments indicate that many more logical specifications are executable under the tabled semantics. In addition, tabled computation leads to more efficient execution of programs. The goal of the thesis is to demonstrate that tabled logic programming allows us to efficiently automate reasoning with and about logical systems in the logical f...
How to Securely Outsource Cryptographic Computations
 In Theory of Cryptography (2005
"... Abstract. We address the problem of using untrusted (potentially malicious) cryptographic helpers. We provide a formal security definition for securely outsourcing computations from a computationally limited device to an untrusted helper. In our model, the adversarial environment writes the software ..."
Abstract

Cited by 25 (0 self)
 Add to MetaCart
Abstract. We address the problem of using untrusted (potentially malicious) cryptographic helpers. We provide a formal security definition for securely outsourcing computations from a computationally limited device to an untrusted helper. In our model, the adversarial environment writes the software for the helper, but then does not have direct communication with it once the device starts relying on it. In addition to security, we also provide a framework for quantifying the efficiency and checkability of an outsourcing implementation. We present two practical outsourcesecure schemes. Specifically, we show how to securely outsource modular exponentiation, which presents the computational bottleneck in most publickey cryptography on computationally limited devices. Without outsourcing, a device would need O(n) modular multiplications to carry out modular exponentiation for nbit exponents. The load reduces to O(log 2 n) for any exponentiationbased scheme where the honest device may use two untrusted exponentiation programs; we highlight the CramerShoup cryptosystem [13] and Schnorr signatures [28] as examples. With a relaxed notion of security, we achieve the same load reduction for a new CCA2secure encryption scheme using only one untrusted CramerShoup encryption program. 1
Foundational Proof Checkers with Small Witnesses
, 2003
"... Proof checkers for proofcarrying code (and similar systems) can su#er from two problems: huge proof witnesses and untrustworthy proof rules. No previous design has addressed both of these problems simultaneously. We show the theory, design, and implementation of a proofchecker that permits small p ..."
Abstract

Cited by 24 (6 self)
 Add to MetaCart
Proof checkers for proofcarrying code (and similar systems) can su#er from two problems: huge proof witnesses and untrustworthy proof rules. No previous design has addressed both of these problems simultaneously. We show the theory, design, and implementation of a proofchecker that permits small proof witnesses and machinecheckable proofs of the soundness of the system.
Enforcing resource bounds via static verification of dynamic checks
 In European Symp. on Programming
, 2005
"... We show how to limit a program’s resource usage in an efficient way, using a novel combination of dynamic checks and static analysis. Usually, dynamic checking is inefficient, due to the overhead of checks, while static analysis is difficult and rejects many safe programs. We propose a hybrid approa ..."
Abstract

Cited by 23 (2 self)
 Add to MetaCart
We show how to limit a program’s resource usage in an efficient way, using a novel combination of dynamic checks and static analysis. Usually, dynamic checking is inefficient, due to the overhead of checks, while static analysis is difficult and rejects many safe programs. We propose a hybrid approach that solves these problems. We split each resourceconsuming operation into two parts. The first part is a dynamic check, called reserve. The second part is the actual operation, called consume, which does not perform any dynamic checks. The programmer is then free to hoist and combine reserve operations. Combining reserve operations reduces their overhead, while hoisting reserve operations ensures that the program does not run out of resources at an inconvenient time. A static verifier ensures that the program reserves resources before it consumes them. This verification is both easier and more flexible than a priori static verification of resource usage. We present a sound and efficient static verifier based on Hoare logic and linear inequalities. As an example, we present a version of tar written in Java.
HigherOrder Substitution Tree Indexing
 19th International Conference on Logic Programming
, 2003
"... We present a higherorder term indexing strategy based on substitution trees. The strategy is based in linear higherorder patterns where computationally expensive parts are delayed. Insertion of terms into the index is based on computing the most specific linear generalization of two linear hig ..."
Abstract

Cited by 16 (5 self)
 Add to MetaCart
We present a higherorder term indexing strategy based on substitution trees. The strategy is based in linear higherorder patterns where computationally expensive parts are delayed. Insertion of terms into the index is based on computing the most specific linear generalization of two linear higherorder patterns. Retrieving terms is based on matching two linear higherorder patterns. This indexing structure is implemented as part of the Twelf system to speedup the execution of the tabled higherlogic programming interpreter. Experimental results show substantial performance improvements, between 100% and over 800%.
Automatic construction of hoare proofs from abstract interpretation results
 In The First Asian Symposium on Programming Languages and Systems, LNCS
, 2003
"... Abstract. By combining program logic and static analysis, we present an automatic approach to construct program proofs to be used in ProofCarrying Code. We use Hoare logic in representing the proofs of program properties, and the abstract interpretation in computing the program interpretation autom ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
Abstract. By combining program logic and static analysis, we present an automatic approach to construct program proofs to be used in ProofCarrying Code. We use Hoare logic in representing the proofs of program properties, and the abstract interpretation in computing the program interpretation automatically estimates program properties (approximate invariants) of our interest, and our proofconstruction method constructs a Hoareproof for those approximate invariants. The proofchecking side (code consumer’s side) is insensitive to a specific static analysis; the assertions in the Hoare proofs are always firstorder logic formulas for integers, into which we first compile the abstract interpreters ’ results. Both the propertycompilation and the proof construction refer to the standard safety conditions that are prescribed in the abstract interpretation framework. We demonstrate this approach for a simple imperative language with an example property being the integer ranges of program variables. We prove the correctness of our approach, and analyze the size complexity of the generated proofs. 1