Results 1  10
of
47
The Design and Implementation of a Certifying Compiler
, 1998
"... This paper presents the design and implementation of a compiler that translates programs written in a typesafe subset of the C programming language into highly optimized DEC Alpha assembly language programs, and a certifier that automatically checks the type safety and memory safety of any assembl ..."
Abstract

Cited by 288 (10 self)
 Add to MetaCart
(Show Context)
This paper presents the design and implementation of a compiler that translates programs written in a typesafe subset of the C programming language into highly optimized DEC Alpha assembly language programs, and a certifier that automatically checks the type safety and memory safety of any assembly language program produced by the compiler. The result of the certifier is either a formal proof of type safety or a counterexample pointing to a potential violation of the type system by the target program. The ensemble of the compiler and the certifier is called a certifying compiler. Several advantages of certifying compilation over previous approaches can be claimed. The notion of a certifying compiler is significantly easier to employ than a formal compiler verification, in part because it is generally easier to verify the correctness of the result of a computation than to prove the correctness of the computation itself. Also, the approach can be applied even to highly optimizing compilers, as demonstrated by the fact that our compiler generates target code, for a range of realistic C programs, which is competitive with both the cc and gee compilers with all optimizations enabled. The certifier also drastically improves the effectiveness of compiler testing because, for each test case, it statically signals compilation errors that might otherwise require many executions to detect. Finally, this approach is a practical way to produce the safety proofs for a ProofCarrying Code system, and thus may be useful in a system for safe mobile code.
A Certifying Compiler for Java
 ACM SIGPLAN Notices
, 2000
"... This paper presents the initial results of a project to determine if the techniques of proofcarrying code and certifying compilers can be applied to programming languages of realistic size and complexity. The experiment shows that: (1) it is possible to implement a certifying nativecode compiler f ..."
Abstract

Cited by 145 (16 self)
 Add to MetaCart
(Show Context)
This paper presents the initial results of a project to determine if the techniques of proofcarrying code and certifying compilers can be applied to programming languages of realistic size and complexity. The experiment shows that: (1) it is possible to implement a certifying nativecode compiler for a large subset of the Java programming language; (2) the compiler is freely able to apply many standard local and global optimizations; and (3) the PCC binaries it produces are of reasonable size and can be rapidly checked for type safety by a small proofchecker. This paper also presents further evidence that PCC provides several advantages for compiler development. In particular, generating proofs of the target code helps to identify compiler bugs, many of which would have been dicult to discover by testing.
Efficient Representation and Validation of Proofs
, 1998
"... This paper presents a logical framework derived from the Edinburgh Logical Framework (LF) [5] that can be used to obtain compact representations of proofs and efficient proof checkers. These are essential ingredients of any application that manipulates proofs as firstclass objects, such as a Proof ..."
Abstract

Cited by 64 (8 self)
 Add to MetaCart
(Show Context)
This paper presents a logical framework derived from the Edinburgh Logical Framework (LF) [5] that can be used to obtain compact representations of proofs and efficient proof checkers. These are essential ingredients of any application that manipulates proofs as firstclass objects, such as a ProofCarrying Code [11] system, in which proofs are used to allow the easy validation of properties of safetycritical or untrusted code. Our framework, which we call LF i , inherits from LF the capability to encode various logics in a natural way. In addition, the LF i framework allows proof representations without the high degree of redundancy that is characteristic of LF representations. The missing parts of LF i proof representations can be reconstructed during proof checking by an efficient reconstruction algorithm. We also describe an algorithm that can be used to strip the unnecessary parts of an LF representation of a proof. The experimental data that we gathered in the context of a Proof...
Access Control for the Web via ProofCarrying Authorization
, 2003
"... After a short period of being not much more than a curiosity, the WorldWide Web quickly became an important medium for discussion, commerce, and business. Instead of holding just information that the entire world could see, web pages also became used to access email, financial records, and other pe ..."
Abstract

Cited by 58 (6 self)
 Add to MetaCart
After a short period of being not much more than a curiosity, the WorldWide Web quickly became an important medium for discussion, commerce, and business. Instead of holding just information that the entire world could see, web pages also became used to access email, financial records, and other personal or proprietary data that was meant to be viewed only by particular individuals or groups. This made it necessary to design mechanisms that would restrict access to web pages. Unfortunately, most current mechanisms are lacking in generality and flexibilitythey interoperate poorly and can express only a limited number of security policies.
Safe, Untrusted Agents using ProofCarrying Code
 of Lecture Notes in Computer Science
, 1998
"... . ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program code provided by another system is safe to install and execute without requiring interpretation or runtime checking. PCC has applications in any computing system in which the safe, eff ..."
Abstract

Cited by 35 (3 self)
 Add to MetaCart
. ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program code provided by another system is safe to install and execute without requiring interpretation or runtime checking. PCC has applications in any computing system in which the safe, efficient, and dynamic installation of code is needed. The key idea of ProofCarrying is to attach to the code an easilycheckable proof that its execution does not violate the safety policy of the receiving system. This paper describes the design and a typical implementation of ProofCarrying Code, where the language used for specifying the safety properties is firstorder predicate logic. Examples of safety properties that are covered in this paper are memory safety and compliance with data access policies, resource usage bounds, and data abstraction boundaries. 1 Introduction ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program cod...
Tabled HigherOrder Logic Programming
 In 20th International Conference on Automated Deduction
, 2003
"... Elf is a general metalanguage for the specification and implementation of logical systems in the style of the logical framework LF. Based on a logic programming interpretation, it supports executing logical systems and reasoning with and about them, thereby reducing the effort required for each ..."
Abstract

Cited by 34 (14 self)
 Add to MetaCart
(Show Context)
Elf is a general metalanguage for the specification and implementation of logical systems in the style of the logical framework LF. Based on a logic programming interpretation, it supports executing logical systems and reasoning with and about them, thereby reducing the effort required for each particular logical system. The traditional logic programming paradigm is extended by replacing firstorder terms with dependently typed terms and allowing implication and universal quantification in the bodies of clauses. These higherorder features allow us to model concisely and elegantly conditions on variables and the discharge of assumptions which are prevalent in many logical systems. However, many specifications are not executable under the traditional logic programming semantics and performance may be hampered by redundant computation. To address these problems, I propose a tabled higherorder logic programming interpretation for Elf. Some redundant computation is eliminated by memoizing subcomputation and reusing its result later. If we do not distinguish different proofs for a property, then search based on tabled logic programming is complete and terminates for programs with bounded recursion. In this proposal, I present a prooftheoretical characterization for tabled higherorder logic programming. It is the basis of the implemented prototype for tabled logic programming interpreter for Elf. Preliminary experiments indicate that many more logical specifications are executable under the tabled semantics. In addition, tabled computation leads to more efficient execution of programs. The goal of the thesis is to demonstrate that tabled logic programming allows us to efficiently automate reasoning with and about logical systems in the logical f...
Expressiveness + automation + soundness: Towards combining SMT solvers and interactive proof assistants
 IN TOOLS AND ALGORITHMS FOR CONSTRUCTION AND ANALYSIS OF SYSTEMS (TACAS
, 2006
"... Formal system development needs expressive specification languages, but also calls for highly automated tools. These two goals are not easy to reconcile, especially if one also aims at high assurances for correctness. In this paper, we describe a combination of Isabelle/HOL with a proofproducing ..."
Abstract

Cited by 31 (5 self)
 Add to MetaCart
(Show Context)
Formal system development needs expressive specification languages, but also calls for highly automated tools. These two goals are not easy to reconcile, especially if one also aims at high assurances for correctness. In this paper, we describe a combination of Isabelle/HOL with a proofproducing SMT (Satisfiability Modulo Theories) solver that contains a SAT engine and a decision procedure for quantifierfree firstorder logic with equality. As a result, a user benefits from the expressiveness of Isabelle/HOL when modeling a system, but obtains much better automation for those fragments of the proofs that fall within the scope of the (automatic) SMT solver. Soundness is not compromised because all proofs are submitted to the trusted kernel of Isabelle for certification. This architecture is straightforward to extend for other interactive proof assistants and proofproducing reasoners.
Synthesizing certified code
 Proc. Intl. Symp. Formal Methods Europe 2002: Formal Methods—Getting IT Right, LNCS 2391
, 2002
"... Abstract. Code certification is a lightweight approach for formally demonstrating software quality. Its basic idea is to require code producers to provide formal proofs that their code satisfies certain quality properties. These proofs serve as certificates that can be checked independently. Since c ..."
Abstract

Cited by 30 (16 self)
 Add to MetaCart
(Show Context)
Abstract. Code certification is a lightweight approach for formally demonstrating software quality. Its basic idea is to require code producers to provide formal proofs that their code satisfies certain quality properties. These proofs serve as certificates that can be checked independently. Since code certification uses the same underlying technology as program verification, it requires detailed annotations (e.g., loop invariants) to make the proofs possible. However, manually adding annotations to the code is timeconsuming and errorprone. We address this problem by combining code certification with automatic program synthesis. Given a highlevel specification, our approach simultaneously generates code and all annotations required to certify the generated code. We describe a certification extension of AutoBayes, a synthesis tool for automatically generating data analysis programs. Based on builtin domain knowledge, proof annotations are added and used to generate proof obligations that are discharged by the automated theorem prover ESETHEO. We demonstrate our approach by certifying operator and memorysafety on a dataclassification program. For this program, our approach was faster and more precise than PolySpace, a commercial static analysis tool.
External Rewriting for Skeptical Proof Assistants
, 2002
"... This paper presents the design, the implementation and experiments of the integration of syntactic, conditional possibly associativecommutative term rewriting into proof assistants based on constructive type theory. Our approach is called external since it consists in performing term rewriting in a ..."
Abstract

Cited by 23 (5 self)
 Add to MetaCart
This paper presents the design, the implementation and experiments of the integration of syntactic, conditional possibly associativecommutative term rewriting into proof assistants based on constructive type theory. Our approach is called external since it consists in performing term rewriting in a speci c and ecient environment and to check the computations later in a proof assistant.
Optimizing HigherOrder Pattern Unification
 19th International Conference on Automated Deduction
, 2003
"... We present an abstract view of existential variables in a dependently typed lambdacalculus based on modal type theory. This allows us to justify optimizations to pattern unification such as linearization, which eliminates many unnecessary occurschecks. The presented modal framework explains a ..."
Abstract

Cited by 19 (10 self)
 Add to MetaCart
We present an abstract view of existential variables in a dependently typed lambdacalculus based on modal type theory. This allows us to justify optimizations to pattern unification such as linearization, which eliminates many unnecessary occurschecks. The presented modal framework explains a number of features of the current implementation of higherorder unification in Twelf and provides insight into several optimizations. Experimental results demonstrate significant performance improvement in many example applications of Twelf, including those in the area of proofcarrying code.