CPP 2013: Certified Programs and Proofs pp 211-226 | Cite as

Formalizing the SAFECode Type System

  • Daniel Huang
  • Greg Morrisett
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8307)

Abstract

The Secure Virtual Architecture (SVA) provides an object-level integrity policy, similar to type-safety, for languages such as C and C++, and thus rules out a wide range of common vulnerabilities. SVA uses an enhanced version of the Low-Level Virtual Machine (LLVM) compiler called SAFECode to enforce the policy through a combination of static and dynamic type-checks. However, this results in a relatively large trusted computing base (TCB). SVA reduces the TCB with an unverified type-checker that relies upon a paper-and-pencil proof of type-soundness for a core-language. As a further step towards increasing the assurance of the compiler, we present a mechanized proof of soundness and a verified type-checker for a realistic subset of the SAFECode type system developed using the Coq Proof Assistant.

Keywords

verification SAFECode LLVM memory safety 
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Coq Proof Assistant, http://coq.inria.fr/
  2. 2.
    Carlisle, M.C.: Olden: Parallelizing Programs with Dynamic Data Structures on Distributed-Memory Machines. PhD thesis (1996)Google Scholar
  3. 3.
    Castro, M., Costa, M., Martin, J.-P., Peinado, M., Akritidis, P., Donnelly, A., Barham, P., Black, R.: Fast Byte-Granularity Software Fault Isolation. In: Proc., SOSP 2009 (2009)Google Scholar
  4. 4.
    Criswell, J., Lenharth, A., Dhurjati, D., Adve, V.: Secure Virtual Architecture: A Safe Execution Environment for Commodity Operating Systems. In: Proc., SOSP 2007 (2007)Google Scholar
  5. 5.
    Dhurjati, D., Kowshik, S., Adve, V.: SAFECode: Enforcing Alias Analysis for Weakly Typed Languages. In: Proc., PLDI 2006 (2006)Google Scholar
  6. 6.
    Grossman, D., Morrisett, G., Jim, T., Hicks, M., Wang, Y., Cheney, J.: Region-Based Memory Management in Cyclone. In: Proc., PLDI 2002 (2002)Google Scholar
  7. 7.
    Lattner, C., Adve, V.: LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In: Proc. International Symposium on Code Generation and Optimization, CGO 2004 (March 2004)Google Scholar
  8. 8.
    Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7) (July 2009)Google Scholar
  9. 9.
    Leroy, X., Blazy, S.: Formal Verification of a C-like Memory Model and Its Uses for Verifying Program Transformations. J. Autom. Reason. 41(1) (July 2008)Google Scholar
  10. 10.
    Nagarakatte, S., Zhao, J., Martin, M.M.K., Zdancewic, S.: SoftBound: Highly Compatible and Complete Spatial Memory Safety for C. In: Proc. PLDI 2009 (2009)Google Scholar
  11. 11.
    Necula, G.C., McPeak, S., Weimer, W.: CCured: Type-Safe Retrofitting of Legacy Code. In: Proc. POPL (2002)Google Scholar
  12. 12.
    Tofte, M., Talpin, J.-P.: Region-based memory management. Inf. Comput. 132(2) (February 1997)Google Scholar
  13. 13.
    Zhao, J., Nagarakatte, S., Martin, M.M.K., Zdancewic, S.: Formalizing the LLVM Intermediate Representation for Verified Program Transformations. In: Proc. POPL 2012 (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Daniel Huang
    • 1
  • Greg Morrisett
    • 1
  1. 1.Harvard UniversityCambridgeUSA

Personalised recommendations