| Necula, G. 1998. Compiling with proofs. Ph.D. thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA 15213-3891, USA. Also available as CMU technical report CMU-CS-98-154. |
....not enable this, although Transmorpher does, and this would prevent people who are not owners of the transformation from claiming properties and publishing proofs. Hence the best solution seems to be to use RDF for annotating the transformation from the outside. 4.3 Towards proof checking Proof carrying code [Necula 1998] is an infrastructure in which a program is provided with the proof of the properties that it satisfies. A client program that wants to run the former program will check the proof against this program in order to check that it can do so safely. These principles can be applied to the verifications ....
....We believe that the strength of the framework is not its sophistication, but rather its relative simplicity. No doubt it will not be practical in difficult cases, but it works for cases like the one presented as an example here. This framework is very close to that of proof carrying code [Necula 1998], of which it is an instantiation on particular programs and properties. Moreover it is fully based on widely available XML technologies (XML, XPATH, XSLT, MATHML, OMDOC, RDF) or local extensions (DLML, DSD, Transmorpher). For a description of complementary work on the topic of semantic ....
George Necula, Compiling with proofs, PhD thesis, Carnegie Mellon university, Pittsburgh (PA US), 1998
....Chacko George, Jim Horning, Greg Humphreys, Mike MacKay, John McGinty, Umesh Maheshwari, Susan Owicki, Olin Sibert, Oscar Steele, Andrew Wright, and Lance Zaklan. 2 Related Work There has been a significant amount of work done on the problem of executing untrusted code on a trusted host computer [MWCG99,Nec98,NL96]. The field of tamper resistance is the dual problem of running trusted code on an untrusted host. Although of considerable practical value, there has been little formal work done on this problem. Most of the work reported in the literature is ad hoc. It is not clear that any solutions exist that ....
G.C. Necula. Compiling with proofs. PhD thesis, Carnegie Mellon University, September 1998.
....and highly trusted piece of code (perhaps even formally verified), users can have a very high degree of confidence in the decision procedure's results. There are other reasons besides certifying correctness to produce proofs from a decision procedure. The work on proof carrying code described in [16] relies upon the ability to produce proofs of formulas from decision procedures to convince the recipient of a piece of mobile code that the code may safely be executed.¹ Independently checkable proofs would be valuable to government agencies certifying safety critical systems. Producing ....
....to convince the recipient of a piece of mobile code that the code may safely be executed.¹ Independently checkable proofs would be valuable to government agencies certifying safety critical systems. Producing proofs may also help in developing and maintaining decision procedures, as claimed in [16], since checking proofs as they are generated enables early detection of errors in the tool, and analysis of the proofs produced may yield insights into the tool's behavior. 2 Formalizing the proof system of a decision procedure In this section, we describe some of the goals and issues ....
G. Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, September 1998.
....ling. Section 6 describes how abstract proofs are used to incorporate GRASP into SVC. 2 Related work In Necula's pioneering work on proof carrying code, a proof producing theorem prover is used to generate proofs to allow a remote machine to verify that transmitted executable code is safe to run [15, 16]. SVC is a similar tool, but it aims to handle significantly larger formulas than Necula's. More efficient algorithms are thus required. Furthermore, the use of proofs for conflict clauses and the notion of abstract proofs presented below are novel. Other related work is proof logging and proof ....
G. Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, September 1998.
....program verification. The program developer annotates the code with a formal specification (fi. pre and postconditions of functions or loop invariants) and hands this information over to the user who proves the code formally. Examples for utilizing proof carrying code are the Touchstone compiler [27] and the efficient code certification [19]. Moreover, this method was used for more specialized verification purposes such as type checking [24, 31] and information flow analysis [11, 25, 26]. Since the information used for code verification is produced by the code developer, it may be distorted in ....
G. C. Necula. Compiling with proofs. PhD thesis, Carnegie Mellon University, 1998.
....consists of attaching assertions to the transformations in a transformation flow in order to tell if a property is assumed, proved or to be checked. This will allow real experimentation in proving properties of compound transformations. 5.2 Towards proof checking Proof carrying code [Necula 1998] is an infrastructure in which a program is provided with the proof of the properties that it satisfies. A client system that wants to run the former program will check the proof against this program in order to ensure that it can do so safely. These principles can be applied to the verification ....
....sophistication, but rather its relative simplicity. Its distributed, modular and incremental characteristics make it adapted to the web. No doubt it will not be practical in all cases, but it works for cases like the one presented. This framework is very close to that of proof carrying code [Necula 1998], of which it is an instantiation on particular programs and properties. Moreover it is fully based on widely available XML technologies (XML, XPATH, XSLT, MATHML, OMDOC, RDF) or local extensions (DLML, DSD, Transmorpher). For a description of complementary work on the topic of semantic ....
George Necula, Compiling with proofs, PhD thesis, Carnegie Mellon university, Pittsburgh (PA US), 1998
....safety, neither SPIN nor TAL can enforce other important security properties, such as termination, that do not follow from type safety. Another framework for verifying safety properties in low level programs, proposed by Necula and Lee, is called proof carrying code (PCC) [Necula and Lee 1996; Necula 1997; 1998]. Necula and Lee encode the relevant operational content of simple type systems using extensions to first order predicate logic, and automatically verify proofs of security properties such as memory safety [Necula 1997]. Because Necula and Lee use a general purpose logic, they can encode more ....
Necula, G. 1998. Compiling with proofs. Ph.D. thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA 15213-3891, USA. Also available as CMU technical report CMU-CS-98-154.
....is safe, and then has the host perform a proof validation step. When our proof synthesis techniques are employed by the code producer (on the foreign side of the untrusted/trusted boundary), our approach can be viewed as an ally of PCC that helps to lift current limitations of certifying compilers [7, 19, 20], which produce PCC automatically, but only for programs written in certain safe source languages. The main contributions of the paper are: An improved typestate checking system that allows us to perform safety checking on untrusted machine code that implements inheritance polymorphism via ....
G. Necula. Compiling with Proofs. Ph.D. Dissertation, Carnegie Mellon University. (September 1998).
....a behavioral component. Section 3 briefly outlines the structures needed for a dynamic view of the adaptation process, and the way to adjoin them in the described semantical framework. 1 The idea of adding abstract logical annotations to code can be seen as a generalization of Necula and Lee's [12] combination of proof carrying code and certifying compilers. While mainly concerned with the security properties of mobile code, many of the ideas that arose in that work do seem to apply in general, and provide evidence for the imminent realizability of the present ideas. 2 Category of speci ....
G.C. Necula, Compiling with Proofs. Thesis (CMU 1998)
.... to a floating point number) and memory safety (which excludes stray memory accesses). Examples of certifying compilers for this property include various ones compiling Java into Java virtual machine language (JVML), Touchstone compiling Safe C into a form of proof carrying code (which we call TPCC) (Necula and Lee 1998), TIL and its successor TILT compiling Standard ML (Milner, Tofte, Harper, and MacQueen 1997) into a typed intermediate language (Tarditi, Morrisett, Cheng, Stone, Harper, and Lee 1996), and ROML compiling a restricted set of ML into a portion of C that is type safe (Tolmach and Oliva 1998) ....
....type checking is performed in DTAL. The soundness of the type system of DTAL is stated and proven in Section 5 and an extension of DTAL to handle sum types is given in Section 6. We then in Section 7 mention a type checker for DTAL and a compiler which compiles Xanadu, a language resembling Safe C (Necula and Lee 1998) and Popcorn (Morrisett et al. 1999) with C like syntax, into DTAL. The rest of the paper discusses some closely related work and future directions. 2 Dependently Typed Assembly Language In this section we present a typed assembly language in which a restricted form of dependent types is ....
Necula, G. (1998, September). Compiling with Proofs. Ph. D. thesis, Carnegie Mellon University.
....The precondition of a function should provide enough information to allow a verification condition to be constructed for that function in the next phase. The verification condition implies that the function satisfies the security policy and satisfies its postcondition. The Touchstone compiler [22] is a certifying compiler for a type safe subset of C that implements this phase of PCC. In addition to the object code, it provides information sufficient for constructing a verification condition for type safety. One of the major strengths of the Touchstone compiler is that it admits many common ....
....or programming language. The software supplier constructs a formal proof of the verification condition and returns it to the consumer for checking. The verifier checks that the proof is indeed a valid proof of the verification condition constructed in the previous phase. In the PCC implementation [22], the verification condition and its proof are encoded using the Edinburgh Logical Framework (LF) [8]. The theorem prover is based on the Nelson Oppen theorem prover architecture for combined theories. Key tools are congruence closure for dealing with equality and linear simplex for dealing with ....
George C. Necula. Compiling with proofs. PhD thesis, Carnegie Mellon University, September 1998.
.... a floating point number) and memory safety (which excludes stray memory accesses). Examples of certifying compilers for this property include various ones compiling Java into Java virtual machine language (JVML), Touchstone compiling Safe C into a form of proof carrying code (which we call TPCC) (Necula and Lee 1998), TIL and its successor TILT compiling Standard ML (Milner, Tofte, Harper, and MacQueen 1997) into a typed intermediate language (Tarditi, Morrisett, Cheng, Stone, Harper, and Lee 1996), and ROML compiling a restricted set of ML into a portion of C that is type safe (Tolmach and Oliva 1998) ....
....how type checking is performed in DTAL. The soundness of the type system of DTAL is stated in Section 5 and an extension of DTAL to handle sum types is given in Section 6. We then in Section 7 mention a type checker for DTAL and a compiler which compiles Xanadu, a language resembling Safe C (Necula and Lee 1998) and Popcorn (Morrisett et al. 1999) with C like syntax, into DTAL. The rest of the paper discusses some closely related work and future directions. 2 DTAL In this section we present a dependently typed assembly language (DTAL) which supports a limited form of dependent types. 2.1 Syntax In ....
Necula, G. (1998, September). Compiling with Proofs.
Necula, G. C. (1998). Compiling with Proofs. PhD thesis, Carnegie Mellon University.
George Necula. Compiling With Proofs. PhD thesis, Carnegie Mellon University, 1998.
G. Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, 1998.
G. Necula. Compiling with Proofs. Ph.D. Dissertation, Carnegie Mellon University (September 1998).
G.C. Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, 1998.
G.C. Necula, Compiling With Proofs, Ph.D. Thesis, CMU, 1998