## Certificate translation in abstract interpretation (2008)

Venue: ESOP, Lecture Notes in Computer Science

Citations: 11 (8 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Barthe08certificatetranslation,
  author    = {Gilles Barthe and César Kunz},
  title     = {Certificate translation in abstract interpretation},
  booktitle = {ESOP, Lecture Notes in Computer Science},
  year      = {2008},
  publisher = {Springer}
}
```

### Abstract

A certificate is a mathematical object that can be used to establish that a piece of mobile code satisfies some security policy. Since in general certificates cannot be generated automatically, there is an interest in developing methods to reuse certificates. This article formalises in the setting of abstract interpretation a method to transform certificates of program correctness along program transformations.

### Citations

1877 | Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints
- Cousot, Cousot
- 1977
Citation context: ...ecessarily interactive in the general case. It is therefore of interest to develop methods that simplify the construction of certificates. In this paper, we use the setting of abstract interpretation [8, 9] to describe a method for transforming certificates along program transformations. We provide sufficient conditions for transforming a certificate of a program G into a certificate of a program G′, ...

1091 | Proof-Carrying Code
- Necula
- 1997
Citation context: ... (via the Curry-Howard isomorphism) and of result checking. Certificates are also used to carry evidence of innocuousness of components in mobile code: in a typical Proof Carrying Code (PCC) scenario [11], a piece of mobile code is downloaded together with a certificate that shows its adherence to the consumer policy. While certificate checking is reasonably understood, certificate generation remains ...

630 | Systematic design of program analysis frameworks by abstract interpretation
- Cousot, Cousot
- 1979
Citation context: ...ecessarily interactive in the general case. It is therefore of interest to develop methods that simplify the construction of certificates. In this paper, we use the setting of abstract interpretation [8, 9] to describe a method for transforming certificates along program transformations. We provide sufficient conditions for transforming a certificate of a program G into a certificate of a program G′, ...

81 | Simple relational correctness proofs for static analyses and program transformations
- Benton
Citation context: ...th from l that reaches an expression referring to x, without traversing an assignment to x. We prefer to use a more extensional interpretation of liveness, inspired by Benton’s Relational Hoare Logic [5], identifying a declaration of a set of live variables as a relational proposition. To this end, we generalize the abstract domain A of the certificate infrastructure to include relational proposition...

36 | Abstraction-Carrying Code
- Albert, Puebla, et al.
- 2005
Citation context: ...lated Work. Certified solutions. Abstraction Carrying Code (ACC) is an instance of PCC where programs come with a solution in an abstract interpretation that can be used to specify the consumer policy [1]. ACC is closely related to our notion of certified solution; in fact, one may view the latter as a natural extension of ACC to settings where the pre-order relation is either undecidable, or expensiv...

30 | Certificate translation for optimizing compilers
- Barthe, Grégoire, et al.
- 2009
Citation context: ...re G′ is derived from G by a semantically justified program transformation, typically a program optimization. These results provide substantial leverage on our earlier work on certificate translation [3]. Certificate Translation. The primary goal of certificate translation is to extend the scope of PCC to complex policies, by supporting the generation of certificates from interactive source code veri...

26 | A logic for bytecode
- Bannwart, Müller
- 2004
Citation context: ...ce of certificates for solutions of backwards abstract interpretations. The technique was applied in the context of a certified PCC infrastructure [16]. Certificate translation. Müller and co-workers [2, 10] define a proof transforming compiler for sequential Java. They consider Hoare logics for source and bytecode programs, and transform a correct derivation for a Java program into a correct derivation ...

17 | Proof-transforming compilation of programs with abrupt termination
- Müller, Nordio
- 2007
Citation context: ...ce of certificates for solutions of backwards abstract interpretations. The technique was applied in the context of a certified PCC infrastructure [16]. Certificate translation. Müller and co-workers [2, 10] define a proof transforming compiler for sequential Java. They consider Hoare logics for source and bytecode programs, and transform a correct derivation for a Java program into a correct derivation ...

16 | Proof obligations preserving compilation
- Barthe, Rezk, et al.
- 2005
Citation context: ...t perform any optimization, proof obligations are preserved (up to syntactic equality), and hence it is possible to reuse directly certificates of source code programs for their compilation; see e.g. [4]. In contrast, program optimizations make certificate translation more challenging. In [3], we show in a simplified setting that one can define certificate transformers for common program optimization...

16 | Automatic Construction of Hoare Proofs from Abstract Interpretation Results
- Seo, Yang, et al.
- 2003
Citation context: ...i.e. there is no notion of certificate. Certifying analyzers. We are aware of two previous works on certifying, or proof-producing, program analyses. Both consider the backwards case. Seo, Yang and Yi [15] consider a generic backwards abstract interpretation for a simple imperative language and provide an algorithm that automatically constructs safety proofs in Hoare logic from abstract interpretation ...

14 | Bytecode analysis for proof carrying code
- Wildmoser, Chaieb, et al.
- 2005
Citation context: ...us, and provides sufficient conditions of the existence of certificates for solutions of backwards abstract interpretations. The technique was applied in the context of a certified PCC infrastructure [16]. Certificate translation. Müller and co-workers [2, 10] define a proof transforming compiler for sequential Java. They consider Hoare logics for source and bytecode programs, and transform a correct ...

12 | Abstract Interpretation-based Certification of Assembly Code
- Rival
- 2003
Citation context: ... program analysis framework in which certificates are used to verify inclusions between elements of the abstract domain of polyhedra. Their analysis is also an instance of a certified solution. Rival [12, 13] proposed a method to translate the result of a static analysis along program compilation. Result validation is restricted to post-fixpoint checking, i.e. there is no notion of certificate. Certifying...

11 | Symbolic Transfer Functions-based Approaches to Certified Compilation
- Rival
- 2004
Citation context: ... program analysis framework in which certificates are used to verify inclusions between elements of the abstract domain of polyhedra. Their analysis is also an instance of a certified solution. Rival [12, 13] proposed a method to translate the result of a static analysis along program compilation. Result validation is restricted to post-fixpoint checking, i.e. there is no notion of certificate. Certifying...

8 | Result certification for relational program analysis. Research Report 6333
- Besson, Jensen, et al.
- 2007
Citation context: ...tural extension of ACC to settings where the pre-order relation is either undecidable, or expensive to compute, and where the use of certificates is required in order to check solutions. Besson et al. [6] have recently developed a program analysis framework in which certificates are used to verify inclusions between elements of the abstract domain of polyhedra. Their analysis is also an instance of a ...

6 | Type systems for optimizing stack-based code
- Saabas, Uustalu
- 2007
Citation context: ...logics for source and bytecode programs, and transform a correct derivation for a Java program into a correct derivation for the JVM program obtained by non-optimizing compilation. Saabas and Uustalu [14] develop type-based methods to establish the existence of certifying analyzers and certificate transformers. They illustrate the feasibility of their method by explaining in detail two particular tran...

5 | Proof-producing program analysis
- Chaieb
Citation context: ...rtificates which justify their results. In this section, we thus provide sufficient conditions under which every solution may be certified. Proposition 1 below generalizes a previous result of Chaieb [7], who only considered the case where f = ↑ and f♯ = ↓. Let G be a program, I♯ = 〈A♯, {T♯_e}, f♯〉 be an abstract interpretation, I = 〈A, {T_e}, f〉 a certificate infrastructure of program G, and γ : A...