Abstract
A certified program analysis is an analysis whose implementation is accompanied by a checkable proof of soundness. We present a framework whose purpose is to simplify the development of certified program analyses without compromising the run-time efficiency of the analyses. At the core of the framework is a novel technique for automatically extracting Coq proof-assistant specifications from ML implementations of program analyses, while preserving to a large extent the structure of the implementation. We show that this framework allows developers of mobile code to provide to the code receivers untrusted code verifiers in the form of certified program analyses. We demonstrate efficient implementations in this framework of bytecode verification, typed assembly language, and proof-carrying code.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This research was supported in part by NSF Grants CCR-0326577, CCF-0524784, and CCR-00225610; an NSF Graduate Fellowship; and an NDSEG Fellowship. The information presented here does not necessarily reflect the position or the policy of the Government and no official endorsement should be inferred.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Appel, A.W.: Foundational proof-carrying code. In: Proc. of the 16th Symposium on Logic in Computer Science, June 2001, pp. 247–258 (2001)
Appel, A.W., Felty, A.P.: A semantic model of types and machine instructions for proof-carrying code. In: Proc. of the 27th Symposium on Principles of Programming Languages, January 2000, pp. 243–253 (2000)
Barthe, G., Courtieu, P., Dufay, G., de Sousa, S.M.: Tool-assisted specification and verification of the javaCard platform. In: Kirchner, H., Ringeissen, C. (eds.) AMAST 2002. LNCS, vol. 2422, p. 41. Springer, Heidelberg (2002)
Benton, N., Kennedy, A., Russell, G.: Compiling Standard ML to Java bytecodes. In: Proc. of the International Conference on Functional Programming, June 1999, pp. 129–140 (1999)
Bertot, Y.: Formalizing a JVML verifier for initialization in a theorem prover. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 14–24. Springer, Heidelberg (2001)
Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: A static analyzer for large safety-critical software. In: Proc. of the Conference on Programming Language Design and Implementation, pp. 196–207 (2003)
Bothner, P.: Kawa — compiling dynamic languages to the Java VM. In: Proc. of the FreeNIX Track: USENIX 1998 annual technical conference (1998)
Cachera, D., Jensen, T.P., Pichardie, D., Rusu, V.: Extracting a data flow analyser in constructive logic. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 385–400. Springer, Heidelberg (2004)
Chang, B.-Y.E., Chlipala, A., Necula, G.C.: A framework for certified program analysis and its applications to mobile-code safety. Technical Report UCB ERL M05/32, University of California, Berkeley (2005)
Chang, B.-Y.E., Chlipala, A., Necula, G.C., Schneck, R.R.: The Open Verifier framework for foundational verifiers. In: Proc. of the 2nd Workshop on Types in Language Design and Implementation (January 2005)
Colby, C., Lee, P., Necula, G.C., Blau, F., Plesko, M., Cline, K.: A certifying compiler for Java. In: Proc. of the Conference on Programming Language Design and Implementation, May 2000, pp. 95–107 (2000)
Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proc. of the 4th Symposium on Principles of Programming Languages, pp. 234–252 (January 1977)
Cousot, P., Cousot, R.: Abstract interpretation frameworks. J. Log. Comput. 2(4), 511–547 (1992)
Crary, K.: Toward a foundational typed assembly language. In: Proc. of the 30th Symposium on Principles of Programming Languages, January 2003, pp. 198–212 (2003)
Dijkstra, E.W.: Guarded commands, nondeterminancy and formal derivation of programs. Communications of the ACM 18, 453–457 (1975)
Filliâtre, J.-C.: Why: a multi-language multi-prover verification tool. Research Report 1366, LRI, Université Paris Sud (March 2003)
Filliâtre, J.-C., Marché, C.: Multi-Prover Verification of C Programs. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 15–29. Springer, Heidelberg (2004)
Gordon, A.D., Syme, D.: Typing a multi-language intermediate code. In: Proc. of the 28th Symposium on Principles of Programming Languages, pp. 248–260 (January 2001)
Gough, K.J., Corney, D.: Evaluating the Java virtual machine as a target for languages other than Java. In: Joint Modula Languages Conference (September 2000)
Hamid, N.A., Shao, Z., Trifonov, V., Monnier, S., Ni, Z.: A syntactic approach to foundational proof-carrying code. In: Proc. of the 17th Symposium on Logic in Computer Science, pp. 89–100 (July 2002)
Klein, G., Nipkow, T.: Verified lightweight bytecode verification. Concurrency – practice and experience 13(1) (2001)
Klein, G., Nipkow, T.: Verified bytecode verifiers. Theor. Comput. Sci. 298(3), 583–626 (2003)
Lasseter, J.H.E.F.: Toolkits for the automatic construction of data flow analyzers. Technical Report CIS-TR-04-03, University of Oregon (2003)
Lerner, S., Millstein, T., Rice, E., Chambers, C.: Automated soundness proofs for dataflow analyses and transformations via local rules. In: Proc. of the 32nd Symposium on Principles of Programming Languages, pp. 364–377 (2005)
Lindholm, T., Yellin, F.: The Java Virtual Machine Specification. The Java Series. Addison-Wesley, Reading (January 1997)
Morrisett, G., Crary, K., Glew, N., Grossman, D., Samuels, R., Smith, F., Walker, D., Weirich, S., Zdancewic, S.: Talc releases (2003), http://www.cs.cornell.edu/talc/releases.html
Necula, G.C.: Proof-carrying code. In: Proc. of the 24th Symposium on Principles of Programming Languages, pp. 106–119 (January 1997)
Necula, G.C., Jhala, R., Majumdar, R., Henzinger, T.A., Weimer, W.: Temporal-safety proofs for systems code. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, p. 526. Springer, Heidelberg (2002)
Paulson, L.C.: Isabelle. LNCS, vol. 828. Springer, Heidelberg (1994)
Rose, E.: Lightweight bytecode verification. J. Autom. Reason. 31(3-4), 303–334 (2003)
Wadler, P.: Monads for functional programming. In: Jeuring, J., Meijer, E. (eds.) AFP 1995. LNCS, vol. 925, pp. 24–52. Springer, Heidelberg (1995)
Wu, D., Appel, A.W., Stump, A.: Foundational proof checkers with small witnesses. In: Proc. of the 5th International Conference on Principles and Practice of Declarative Programming, August 2003, pp. 264–274 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chang, BY.E., Chlipala, A., Necula, G.C. (2005). A Framework for Certified Program Analysis and Its Applications to Mobile-Code Safety. In: Emerson, E.A., Namjoshi, K.S. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2006. Lecture Notes in Computer Science, vol 3855. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11609773_12
Download citation
DOI: https://doi.org/10.1007/11609773_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31139-3
Online ISBN: 978-3-540-31622-0
eBook Packages: Computer ScienceComputer Science (R0)