Prototyping Proof Carrying Code

  • Martin Wildmoser
  • Tobias Nipkow
  • Gerwin Klein
  • Sebastian Nanz
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 155)


We introduce a generic framework for proof carrying code, developed and mechanically verified in Isabelle/HOL. The framework defines and proves sound a verification condition generator with minimal assumptions on the underlying programming language, safety policy, and safety logic. We demonstrate its usability for prototyping proof carrying code systems by instantiating it to a simple assembly language with procedures and a safety policy for arithmetic overflow.


Keywords (machine-generated, not supplied by the authors): Successor State; Verification Condition; Program Counter; Control Flow Graph; Safety Policy



Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Martin Wildmoser (1)
  • Tobias Nipkow (1)
  • Gerwin Klein (2)
  • Sebastian Nanz (3)

  1. Institut für Informatik, Technische Universität München, Germany
  2. National ICT Australia, Sydney
  3. Department of Computer Science, Yale University, USA
