Reduced Certificates for Abstraction-Carrying Code

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4079)


Abstraction-Carrying Code (ACC) has recently been proposed as a framework for mobile code safety in which the code supplier provides a program together with an abstraction whose validity entails compliance with a predefined safety policy. The abstraction thus plays the role of safety certificate, and it is generated automatically by a fixed-point analyzer. The advantage of providing a (fixed-point) abstraction to the code consumer is that its validity can be checked in a single pass by an abstract interpretation-based checker. A main challenge is to reduce the size of certificates as much as possible without increasing checking time. We introduce the notion of reduced certificate, which characterizes the subset of the abstraction that a checker needs in order to validate (and reconstruct) the full certificate in a single pass. Based on this notion, we instrument a generic analysis algorithm with the extensions necessary to identify the information relevant to the checker. We also provide a correct checking algorithm, together with sufficient conditions for ensuring its completeness. Experimental results within the CiaoPP system show that our proposal greatly reduces the size of certificates in practice.
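The supplier/consumer protocol the abstract describes, as an added example that is not from the paper or from the CiaoPP system: a toy analogue in Python over a control-flow graph with a sign domain rather than over logic programs. The program, the lattice, the no-division-by-zero policy and the function names (analyze, check, no_div_by_zero) are all constructed for this illustration, and the rule used to select the reduced certificate (entries revised after their first computation that receive flow over a back edge) is a simplification, not the paper's instrumented algorithm.

```python
"""Toy Abstraction-Carrying Code with a reduced certificate: sign analysis over a small CFG.
The supplier ships only the fixpoint entries a single-pass checker cannot rebuild; the
consumer validates them, reconstructs the full abstraction and enforces the safety policy."""

BOT, NEG, ZERO, POS, TOP = "bot", "neg", "zero", "pos", "top"  # lattice: BOT < NEG, ZERO, POS < TOP

def join(a, b):
    if BOT in (a, b):
        return a if b == BOT else b
    return a if a == b else TOP
def leq(a, b):
    return a == BOT or b == TOP or a == b
def sign_of(n):
    return ZERO if n == 0 else POS if n > 0 else NEG
def add(a, b):
    if BOT in (a, b):
        return BOT
    if ZERO in (a, b):
        return a if b == ZERO else b
    return a if a == b else TOP  # pos+pos / neg+neg keep the sign; anything else is unknown
def mul(a, b):
    if BOT in (a, b) or ZERO in (a, b):
        return BOT if BOT in (a, b) else ZERO
    return TOP if TOP in (a, b) else POS if a == b else NEG
def div(a, b):  # integer division: a non-zero dividend may still give 0; a zero divisor gives no result
    if BOT in (a, b) or b == ZERO:
        return BOT
    return ZERO if a == ZERO else TOP
OPS = {"add": add, "mul": mul, "div": div}

# An abstract state maps every variable to a sign; None stands for "unreachable".
def state_join(s, t):
    if s is None or t is None:
        return t if s is None else s
    return {v: join(s[v], t[v]) for v in s}
def state_leq(s, t):
    return s is None or (t is not None and all(leq(s[v], t[v]) for v in s))
def val(s, operand):
    return sign_of(operand) if isinstance(operand, int) else s[operand]
def transfer(stmt, s):
    if s is None or stmt[0] == "nop":
        return s
    new = val(s, stmt[2]) if stmt[0] == "set" else OPS[stmt[0]](val(s, stmt[2]), val(s, stmt[3]))
    return {**s, stmt[1]: new}
def predecessors(program):
    return [[i for i, (_, succs) in enumerate(program) if j in succs] for j in range(len(program))]
def incoming(i, preds, outs, entry):  # join of all flows into node i; an unprocessed predecessor gives None
    s = entry if i == 0 else None
    for p in preds[i]:
        s = state_join(s, outs[p])
    return s

def analyze(program, entry):
    """Supplier: iterate to a fixpoint, recording entries revised after their first computation."""
    preds = predecessors(program)
    ins, outs, updated, changed = [None] * len(program), [None] * len(program), set(), True
    while changed:
        changed = False
        for i, (stmt, _) in enumerate(program):
            new = incoming(i, preds, outs, entry)
            if new != ins[i]:
                if ins[i] is not None:
                    updated.add(i)
                ins[i], outs[i], changed = new, transfer(stmt, new), True
    # Reduced certificate (simplified criterion): revised entries fed by a back edge, i.e. by a
    # predecessor later in traversal order; every other entry follows from earlier nodes in one pass.
    return ins, {i: ins[i] for i in updated if any(p > i for p in preds[i])}

def check(program, entry, cert, policy):
    """Consumer: one pass using certificate entries where present, then consistency and policy."""
    if any(i not in range(len(program)) or not isinstance(s, dict) or set(s) != set(entry)
           or not set(s.values()) <= {BOT, NEG, ZERO, POS, TOP} for i, s in cert.items()):  # untrusted input
        return False, None
    preds, ins, outs = predecessors(program), [None] * len(program), [None] * len(program)
    for i, (stmt, _) in enumerate(program):
        ins[i] = cert[i] if i in cert else incoming(i, preds, outs, entry)
        outs[i] = transfer(stmt, ins[i])
    # Fixpoint condition: each node's state covers every flow into it, back edges included. This
    # rejects a missing or under-approximating certificate entry as well as a modified program.
    if not all(state_leq(incoming(i, preds, outs, entry), ins[i]) for i in range(len(program))):
        return False, None
    if not all(policy(stmt, ins[i]) for i, (stmt, _) in enumerate(program)):
        return False, None
    return True, ins  # ins is the reconstructed full certificate

def no_div_by_zero(stmt, s):
    """Safety policy: every reachable division has a provably non-zero divisor."""
    return stmt[0] != "div" or s is None or val(s, stmt[3]) in (NEG, POS)

# Constructed example program (not from the paper), nodes listed in checker order.
PROGRAM = [
    (("set", "d", 1), [1]),         # 0: d = 1
    (("set", "x", 0), [2]),         # 1: x = 0
    (("nop",), [3, 4]),             # 2: loop head, joins node 1 and the back edge from 3
    (("add", "x", "x", "d"), [2]),  # 3: x = x + d   (back edge to 2)
    (("div", "y", "x", "d"), [5]),  # 4: y = x / d   (policy: d must be provably non-zero)
    (("mul", "z", "y", "d"), []),   # 5: z = y * d
]
ENTRY = {v: TOP for v in ("d", "x", "y", "z")}  # nothing is known about the inputs at entry
```

On this program analyze(PROGRAM, ENTRY) yields a reduced certificate with one entry (the loop head, node 2) out of six, and check rebuilds the other five in a single pass and accepts; the reconstruction equals the supplier's full fixpoint. Dropping or lowering the loop-head entry, or changing d = 1 to d = 0 in the program while keeping the old certificate, is caught by the fixpoint consistency check, and an honest certificate for the d = 0 program is rejected by the policy. The point for a consumer is that soundness never rests on the supplier: the certificate is only a hint about where the fixpoint lies, and the checker's own consistency check is what makes the reconstructed abstraction, and hence the policy verdict, trustworthy.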







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  1. Complutense University of Madrid
  2. Technical University of Madrid
  3. University of New Mexico
