Journal of Automated Reasoning, Volume 31, Issue 3–4, pp 191–229

A Syntactic Approach to Foundational Proof-Carrying Code

  • Nadeem A. Hamid
  • Zhong Shao
  • Valery Trifonov
  • Stefan Monnier
  • Zhaozhong Ni

Abstract

Proof-carrying code (PCC) is a general framework for verifying the safety properties of machine-language programs. PCC proofs are usually written in a logic extended with language-specific typing rules; they certify safety but only if there is no bug in the typing rules. In foundational proof-carrying code (FPCC), on the other hand, proofs are constructed and verified by using strictly the foundations of mathematical logic, with no type-specific axioms. FPCC is more flexible and secure because it is not tied to any particular type system and it has a smaller trusted base. Foundational proofs, however, are much harder to construct. Previous efforts on FPCC all required building sophisticated semantic models for types. Furthermore, none of them can be easily extended to support mutable fields and recursive types. In this article, we present a syntactic approach to FPCC that avoids all of these difficulties. Under our new scheme, the foundational proof for a typed machine program simply consists of the typing derivation plus the formalized syntactic soundness proof for the underlying type system. The former can be readily obtained from a type-checker, while the latter is known to be much easier to construct than the semantic soundness proofs. We give a translation from a typed assembly language into FPCC and demonstrate the advantages of our new system through an implementation in the Coq proof assistant.

Keywords

foundational proof-carrying code, syntactic soundness proof, typed assembly language



Copyright information

© Kluwer Academic Publishers 2003

Authors and Affiliations

  • Nadeem A. Hamid, Department of Computer Science, Yale University, New Haven, U.S.A.
  • Zhong Shao, Department of Computer Science, Yale University, New Haven, U.S.A.
  • Valery Trifonov, Department of Computer Science, Yale University, New Haven, U.S.A.
  • Stefan Monnier, Department of Computer Science, Yale University, New Haven, U.S.A.
  • Zhaozhong Ni, Department of Computer Science, Yale University, New Haven, U.S.A.
