Necula G. C., Compiling with Proofs, PhD Thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, September 1998

This paper is cited in the following contexts:
Building Certified Libraries for PCC: Dynamic Storage Allocation - Yu, Hamid, Shao (2003)

....evidence of safety which can be mechanically checked by the host; thus the host can safely execute the program even though the producer may not be trusted. Although the PCC framework is general and potentially applicable to certifying arbitrary data objects with complex specifications [14, 2], generating proofs remains difficult. Existing PCC systems [16, 12, 3, 1] have only focused on programs whose safety proofs can be automatically generated. As a result, many low level system libraries, such as dynamic storage allocation, have not been certified. Nonetheless, building certified ....

G. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon Univ., Sept. 1998.


A Syntactic Approach to Foundational Proof-Carrying Code - Hamid, Shao, Trifonov.. (2002)   (16 citations)

....Academic Publishers. Printed in the Netherlands. 2 Hamid et al. host along with a formal proof of its safety. The proof can be mechanically checked by the host and the producer need not be trusted because a valid proof is a dependable certificate of safety. The proofs in Necula's PCC systems [16, 7] are written in a logic extended with many language specific typing rules. They can guarantee safety only if there are no bugs in the verification condition generator (VCgen), the typing rules, and the proof checker. The VCgen is a fairly large program, so establishing its full correctness is a ....

....foundational proofs is much simpler and more straightforward. As far as we know, our work is the first comprehensive study on how to use the syntactic approach to generate FPCC. The idea that attaching the soundness proof (for the underlying type system) can reduce the trusted base is not new [16, 3], however, none of the existing work has shown how to use the syntactic proof to build the foundational proof. In addition, we show in Sections 3 and 4 that naively combining existing typed assembly languages (TAL) [14, 13, 26] with their soundness proofs does not necessarily produce valid FPCC. To ....

[Article contains additional citation context not shown here]

G. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon Univ., Sept. 1998.


Tamper-Proof Annotations, by Construction - Franz, Haldar, Krintz, Stork (2002)

.... rules out many of the optimizations that one could otherwise apply at the code producer's site, but that the verifier would not be able to distinguish from malicious modifications [4]. An alternative to full scale verification at the code consumer's site is the use of proof carrying code (PCC) [40, 37, 38]. This approach shifts much of the workload of the verification task to the code producer, simultaneously reducing the size of the trusted code base needed at the code consumer's site, as well as the verification effort required there. For example, Sun's KVM virtual machine [34] uses a form of PCC ....

G. C. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, Sept. 1998.


Algorithm-Independent Framework for Verifying Integer Constraints - Teller, Shao (2000)   (1 citation)

....and the Simplex method into this framework and we study some of its properties. keywords : certified code, certified array bounds checking elimination, certified parallelization, certified Omega test, certified formal calculus, axiomatization of Z 1 Introduction In proof carrying code (PCC) [9, 11], a code producer and a code consumer (host) start by agreeing on a safety policy. This policy is specified as a set of axioms for reasoning about safety. The code producer will then ship a compiled program to the consumer, along with a formal proof of its safety. Of course, the formal proof must ....

....Research Projects Agency or the U.S. Government. This work was done while the first author was visiting the FLINT group in the Department of Computer Science at Yale University. Using PCC allows one to remove many run time checks without sacrificing safety. For example, the Touchstone compiler [11] can prove the memory safety of the compiled programs. In other words, Touchstone compiled programs can be trusted to run on devices without memory protection. Recently, Xi [21, 19] introduced a dependent type system in which the costly process of array bounds checking can be removed, a method ....

[Article contains additional citation context not shown here]

G. C. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, Sept. 1998.


Algorithm-Independent Framework for Verifying Integer Constraints - Teller, Shao (2000)   (1 citation)

.... A.4 The Omega test. B Proofs on Solver2FOL. B.1 Expression through Disjunctive Normal Form. 1 Introduction In proof carrying code (PCC) [8, 10], a code producer and a code consumer (host) start by agreeing on a safety policy. This policy is specified as a set of axioms for reasoning about safety. The code producer will then ship a compiled program to the consumer, along with a formal proof of its safety. Of course, the formal proof must ....

....assurance. On the other hand, the proofs can be mechanically checked by the host; the producer need not be trusted at all, since a valid proof is incontrovertible evidence of safety. Using PCC allows one to remove many run time checks without sacrificing safety. For example, the Touchstone compiler [10] can prove the memory safety of the compiled programs. In other words, Touchstone compiled programs can be trusted to run on devices without memory protection. Recently, Xi [19, 17] introduced a dependent type system in which the costly process of array bounds checking can be removed, a method ....

[Article contains additional citation context not shown here]

G. C. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, Sept. 1998.


A Syntactic Approach to Foundational Proof-Carrying Code - Hamid, Shao, Trifonov.. (2002)   (16 citations)

....allows a code producer to provide a machine-language program to a host along with a formal proof of its safety. The proof can be mechanically checked by the host and the producer need not be trusted because a valid proof is a dependable certificate of safety. The proofs in Necula's PCC systems [16, 6] are written in a logic extended with many language specific typing [footnote:] This research is based on work supported in part by DARPA OASIS grant F30602-99-1-0519, NSF grant CCR-9901011, and NSF ITR grant CCR-0081590. Any opinions, findings, and conclusions contained in this document are those of the ....

....foundational proofs is much simpler and more straightforward. As far as we know, our work is the first comprehensive study on how to use a syntactic approach to generate FPCC. The idea that attaching the soundness proof (for the underlying type system) can reduce the trusted base is not new [16, 3], however, none of the existing work has shown how to use the syntactic proof to build the foundational proof. In addition, we show in Sections 3 and 4 that naively combining existing typed assembly languages (TAL) [14, 13, 25] with their soundness proofs does not necessarily produce valid FPCC. ....

[Article contains additional citation context not shown here]

G. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon Univ., Sept. 1998.


From Checking to Inference via Driving and Dag Grammars - Secher, Sørensen (2002)   (3 citations)

....result in a dag grammar, which could then be compared to a specification for valid XML, as a means of verifying the program. Inverting the program when specialised to a particular document, would result in a Document Type Definition. One could even imagine inverting a proof carrying code verifier [8] with respect to a particular program, thus obtaining a proof skeleton for the correctness of the code. Further experiments with the above kinds of applications should be carried out to establish the strength and usability of our method. 9. ....

Necula, G. C. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon University, Sept. 1998.


Fully Reflexive Intensional Type Analysis - Trifonov, Saha, Shao (2000)   (15 citations)

....which uses runtime type inspections, most existing compilers use untyped intermediate languages, and reify runtime types into values at some early stage. However, discarding type information during compilation puts this approach at a serious disadvantage when it comes to generating certified code [13]. Code certification is appealing for a number of reasons. One need not trust the correctness of a compiler generating certified code; instead, one can verify the correctness of the generated code. Checking the correctness of a compiler generated proof (of a program property) is much easier than ....

....by Fegaras and Sheard [4] for extending the fold operation to non inductive datatypes. Meijer and Hutton [10] also propose a method for extending catamorphisms to datatypes with embedded functions; however, their method requires the definition of an anamorphism for every such catamorphism. Necula [13] proposed the ideas of a certifying compiler and implemented a certifying compiler for a type safe subset of C. Morrisett et al. [12] showed that a fully type preserving compiler generating type safe assembly code is a practical basis for a certifying compiler. The idea of programming with ....

G. C. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, Sept. 1998.


Checking the Correctness of Architectural Transformation.. - Riemenschneider (1999)   (2 citations)

....the semantics of connectors and relating semantic models at different levels of abstraction. But, the emphasis in all these cases has always been on verification of general refinement patterns, rather than checking particular steps. Necula and Lee's work on proof carrying code and its applications [15, 16, 17] introduced the notion of replacing verification by checking in the context of compilation. The work described in this paper can be viewed as generalizing their ideas about code refinement transformations to architectural transformations, both refinements and abstractions. 6 Conclusions ....

Necula, G. C., and Lee, P. Proof-carrying code. Tech. Rep. CMU-CS-96-165, School of Computer Science, Carnegie Mellon University, November 1996. Available at http://www.cs.cmu.edu/~necula/tr96-165.ps.gz.


On the Dissemination of Certificate Status Information - Iliadis (1999)

No context found.

Necula G. C., Compiling with Proofs, PhD Thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, September 1998


Tamper-Proof Annotations, by Construction - Franz, Haldar, Krintz, Stork

No context found.

G. C. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, Sept. 1998.


High-Assurance Common Language Runtime - Appel, Walker, Shao, Trifonov

No context found.

G. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon Univ., Sept. 1998.


LARA++ Design Specification - Schmid (2000)

No context found.

G. Necula. Compiling with Proofs. PhD thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, September 1998.

CiteSeer.IST - Copyright Penn State and NEC