Reduced Certificates for Abstraction-Carrying Code
Abstraction-Carrying Code (ACC) has recently been proposed as a framework for mobile code safety in which the code supplier provides a program together with an abstraction whose validity entails compliance with a predefined safety policy. The abstraction plays thus the role of safety certificate and its generation is carried out automatically by a fixed-point analyzer. The advantage of providing a (fixed-point) abstraction to the code consumer is that its validity is checked in a single pass of an abstract interpretation-based checker. A main challenge is to reduce the size of certificates as much as possible while at the same time not increasing checking time. We introduce the notion of reduced certificate which characterizes the subset of the abstraction which a checker needs in order to validate (and re-construct) the full certificate in a single pass. Based on this notion, we instrument a generic analysis algorithm with the necessary extensions in order to identify the information relevant to the checker. We also provide a correct checking algorithm together with sufficient conditions for ensuring its completeness. The experimental results within the CiaoPP system show that our proposal is able to greatly reduce the size of certificates in practice.
KeywordsLogic Program Single Pass Priority Queue Abstract Interpretation Abstract Domain
Unable to display preview. Download preview PDF.
- 1.Albert, E., Arenas, P., Puebla, G., Hermenegildo, M.: Reduced Certificates for Abstraction-Carrying Code. Technical Report CLIP8/2005.0, Technical University of Madrid (UPM), School of Computer Science, UPM (October 2005)Google Scholar
- 5.Bueno, F., Cabeza, D., Carro, M., Hermenegildo, M., López-García, P., Puebla, G. (eds.): The Ciao System. Reference Manual (v1.13). Technical report, School of Computer Science (UPM) (2006), Available at: http://clip.dia.fi.upm.es/Software/Ciao/
- 7.Cousot, P., Cousot, R.: Abstract Interpretation: a Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In: Proc. of POPL 1977, pp. 238–252 (1977)Google Scholar
- 14.Marriot, K., Stuckey, P.: Programming with Constraints: An Introduction. The MIT Press, Cambridge (1998)Google Scholar
- 15.Muthukumar, K., Hermenegildo, M.: Combined Determination of Sharing and Freeness of Program Variables Through Abstract Interpretation. In: 1991 International Conference on Logic Programming, pp. 49–63. MIT Press, Cambridge (1991)Google Scholar
- 17.Necula, G.C., Lee, P.: Efficient representation and validation of proofs. In: Proceedings of LICS 1998, p. 93. IEEE Computer Society Press, Los Alamitos (1998)Google Scholar
- 18.Necula, G.C., Rahul, S.P.: Oracle-based checking of untrusted software. In: Proceedings of POPL 2001, pp. 142–154. ACM Press, New York (2001)Google Scholar
- 19.Puebla, G., Hermenegildo, M.: Optimized Algorithms for the Incremental Analysis of Logic Programs. In: Cousot, R., Schmidt, D.A. (eds.) SAS 1996. LNCS, vol. 1145, pp. 270–284. Springer, Heidelberg (1996)Google Scholar
- 21.Rose, K., Rose, E.: Lightweight bytecode verification. In: OOPSLA Workshop on Formal Underpinnings of Java (1998)Google Scholar