Results 1  10
of
150
From System F to Typed Assembly Language
 ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS
, 1998
"... ..."
A Fast LinearArithmetic Solver for DPLL(T)
, 2006
"... We present a new Simplexbased linear arithmetic solver that can be integrated efficiently in the DPLL(T) framework. The new solver improves over existing approaches by enabling fast backtracking, supporting a priori simplification to reduce the problem size, and providing an efficient form of the ..."
Abstract

Cited by 289 (13 self)
 Add to MetaCart
(Show Context)
We present a new Simplexbased linear arithmetic solver that can be integrated efficiently in the DPLL(T) framework. The new solver improves over existing approaches by enabling fast backtracking, supporting a priori simplification to reduce the problem size, and providing an efficient form of theory propagation. We also present a new and simple approach for solving strict inequalities. Experimental results show substantial performance improvements over existing tools that use other Simplexbased solvers in DPLL(T) decision procedures. The new solver is even competitive with stateoftheart tools specialized for the difference logic fragment.
Foundational ProofCarrying Code
, 2001
"... Proofcarrying code is a framework for the mechanical verification of safety properties of machine language programs, but the problem arises of quis custodiat ipsos custodeswho will verify the verifier itself? Foundational proofcarrying code is verification from the smallest possible set of axio ..."
Abstract

Cited by 252 (9 self)
 Add to MetaCart
Proofcarrying code is a framework for the mechanical verification of safety properties of machine language programs, but the problem arises of quis custodiat ipsos custodeswho will verify the verifier itself? Foundational proofcarrying code is verification from the smallest possible set of axioms, using the simplest possible verifier and the smallest possible runtime system. I will describe many of the mathematical and engineering problems to be solved in the construction of a foundational proofcarrying code system.
Translation Validation for an Optimizing Compiler
, 2000
"... We describe a translation validation infrastructure for the GNU C compiler. During the compilation the infrastructure compares the intermediate form of the program before and after each compiler pass and verifies the preservation of semantics. We discuss a general framework that the optimizer can us ..."
Abstract

Cited by 212 (7 self)
 Add to MetaCart
(Show Context)
We describe a translation validation infrastructure for the GNU C compiler. During the compilation the infrastructure compares the intermediate form of the program before and after each compiler pass and verifies the preservation of semantics. We discuss a general framework that the optimizer can use to communicate to the validator what transformations were performed. Our implementation however does not rely on help from the optimizer and it is quite successful by using instead a few heuristics to detect the transformations that take place. The main message of this paper is that a practical translation validation infrastructure, able to check the correctness of many of the transformations performed by a realistic compiler, can be implemented with about the effort typically required to implement one compiler pass. We demonstrate this in the context of the GNU C compiler for a number of its optimizations while compiling realistic programs such as the compiler itself or the Linux kernel. W...
ProofCarrying Authentication
 In Proceedings of the 6th ACM Conference on Computer and Communications Security
, 1999
"... We have designed and implemented a general and powerful distributed authentication framework based on higherorder logic. Authentication frameworks  including Taos, SPKI, SDSI, and X.509  have been explained using logic. We show that by starting with the logic, we can implement these framework ..."
Abstract

Cited by 202 (6 self)
 Add to MetaCart
(Show Context)
We have designed and implemented a general and powerful distributed authentication framework based on higherorder logic. Authentication frameworks  including Taos, SPKI, SDSI, and X.509  have been explained using logic. We show that by starting with the logic, we can implement these frameworks, all in the same concise and efficient system. Because our logic has no decision procedure  although proof checking is simple  users of the framework must submit proofs with their requests.
ABCD: Eliminating Array Bounds Checks on Demand
, 2000
"... To guarantee execution, Java and other strongly typed languages require bounds checking of array accesses. Because bounds checks may raise exceptions, they block code motion of instructions with side effects, thus preventing many useful code optimizations, such as partial redundancy elimination or i ..."
Abstract

Cited by 148 (7 self)
 Add to MetaCart
To guarantee execution, Java and other strongly typed languages require bounds checking of array accesses. Because bounds checks may raise exceptions, they block code motion of instructions with side effects, thus preventing many useful code optimizations, such as partial redundancy elimination or instruction scheduling of memory operations. Furthermore, because it is not expressible at level, the elimination of bounds checks can only be performed at run time, after the program is loaded. Using existing powerful boundscheck optimizers at run time is not feasible, however, because they are too heavyweight for the dynamic compilation setting. ABCD is a lightweight algorithm for elimination of &ray Checks on Demand. Its design emphasizes simplicity and efficiency. In essence, ABCD works by adding a few edges to the SSA value graph and performing a simple traversal of the graph. Despite its simplicity, ABCD is surprisingly powerful. On our benchmarks, ABCD removes on average 45 % of dynamic bound check instructions, sometimes achieving nearideal optimization. The efficiency of ABCD stems from two factors. First, ABCD works on a representation. As a result, it requires on average fewer than 10 simple analysis steps per bounds check. Second, ABCD is demanddriven. It can be applied to a set of frequently executed (hot) bounds checks, which makes it suitable for the dynamiccompilation setting, in which compiletime cost is constrained but hot statements are known.
A Certifying Compiler for Java
 ACM SIGPLAN Notices
, 2000
"... This paper presents the initial results of a project to determine if the techniques of proofcarrying code and certifying compilers can be applied to programming languages of realistic size and complexity. The experiment shows that: (1) it is possible to implement a certifying nativecode compiler f ..."
Abstract

Cited by 144 (16 self)
 Add to MetaCart
(Show Context)
This paper presents the initial results of a project to determine if the techniques of proofcarrying code and certifying compilers can be applied to programming languages of realistic size and complexity. The experiment shows that: (1) it is possible to implement a certifying nativecode compiler for a large subset of the Java programming language; (2) the compiler is freely able to apply many standard local and global optimizations; and (3) the PCC binaries it produces are of reasonable size and can be rapidly checked for type safety by a small proofchecker. This paper also presents further evidence that PCC provides several advantages for compiler development. In particular, generating proofs of the target code helps to identify compiler bugs, many of which would have been dicult to discover by testing.
A semantic model of types and machine instructions for proofcarrying code
 In Principles of Programming Languages
"... Proofcarrying code is a framework for proving the safety of machinelanguage programs with a machinecheckable proof. Such proofs have previously defined typechecking rules as part of the logic. We show a universal type framework for proofcarrying code that will allow a code producer to choose a p ..."
Abstract

Cited by 130 (19 self)
 Add to MetaCart
(Show Context)
Proofcarrying code is a framework for proving the safety of machinelanguage programs with a machinecheckable proof. Such proofs have previously defined typechecking rules as part of the logic. We show a universal type framework for proofcarrying code that will allow a code producer to choose a programming language, prove the type rules for that language as lemmas in higherorder logic, then use those lemmas to prove the safety of a particular program. We show how to handle traversal, allocation, and initialization of values in a wide variety of types, including functions, records, unions, existentials, and covariant recursive types. 1
THE INLINED REFERENCE MONITOR APPROACH TO SECURITY POLICY ENFORCEMENT
, 2004
"... Embedding security enforcement code into applications is an alternative to traditional security mechanisms. This dissertation supports the thesis that such Inlined Reference Monitors, or IRMs, offer many advantages and are a practical option in modern systems. IRMs enable flexible generalpurpose e ..."
Abstract

Cited by 99 (1 self)
 Add to MetaCart
Embedding security enforcement code into applications is an alternative to traditional security mechanisms. This dissertation supports the thesis that such Inlined Reference Monitors, or IRMs, offer many advantages and are a practical option in modern systems. IRMs enable flexible generalpurpose enforcement of security policies, and they are especially well suited for extensible systems and other nontraditional platforms. IRMs can exhibit similar, or even better, performance than previous approaches and can help increase assurance by contributing little to the size of a trusted computing base. Moreover, IRMs ’ agility in distributed settings allows for their costeffective and trustworthy deployment in many scenarios. In this dissertation, IRM implementations are derived from formal automatabased specifications of security policies. Then, an IRM toolkit for Java is described in detail. This Java IRM toolkit uses an imperative policy language that allows a security policy, in combination with the details of its enforcement, to be given in a single complete specification. Various example policies, including the stackinspection policy of Java, illustrate the approach. These examples shed light on
A syntactic approach to foundational proofcarrying code
 In Seventeenth IEEE Symposium on Logic in Computer Science
, 2002
"... ProofCarrying Code (PCC) is a general framework for verifying the safety properties of machinelanguage programs. PCC proofs are usually written in a logic extended with languagespecific typing rules. In Foundational ProofCarrying Code (FPCC), on the other hand, proofs are constructed and verifie ..."
Abstract

Cited by 94 (19 self)
 Add to MetaCart
(Show Context)
ProofCarrying Code (PCC) is a general framework for verifying the safety properties of machinelanguage programs. PCC proofs are usually written in a logic extended with languagespecific typing rules. In Foundational ProofCarrying Code (FPCC), on the other hand, proofs are constructed and verified using strictly the foundations of mathematical logic, with no typespecific axioms. FPCC is more flexible and secure because it is not tied to any particular type system and it has a smaller trusted base. Foundational proofs, however, are much harder to construct. Previous efforts on FPCC all required building sophisticated semantic models for types. In this paper, we present a syntactic approach to FPCC that avoids the difficulties of previous work. Under our new scheme, the foundational proof for a typed machine program simply consists of the typing derivation plus the formalized syntactic soundness proof for the underlying type system. We give a translation from a typed assembly language into FPCC and demonstrate the advantages of our new system via an implementation in the Coq proof assistant. 1.