Proof-Carrying Code (PCC) is a static mechanism that mechanically verifies type safety of machine-language programs. But the problem in conventional PCC is, who will verify the verifier (the type checker) itself__ __ The Foundational Proof-Carrying Code (FPCC) project at Princeton verifies the soundness of the type checker from the smallest possible set of axioms—logic plus machine semantics. One challenge in the verification is that machine code, unlike high-level languages, contains unstructured control flow (due to arbitrary jumps). A piece of machine code can contain multiple entry points that jump instructions might jump to, and multiple exit points. Traditional Hoare logic and its variants either verify the partial correctness of programs with only one entry and one exit, or need the whole program to verify jump instructions, which is not modular.
The major contribution of this dissertation is a program logic, L c , which modularly verifies properties of machine-code fragments. Unlike previous program logics, the basic reasoning units in L c are multiple-entry and multiple-exit code fragments. L c provides composition rules to combine code fragments and to eliminate intermediate entries/exits in the combined fragment. L c is not only useful for reasoning about properties of machine code with unstructured control flow, but also useful for deriving rules for common control-flow structures such as while-loops, repeat-until-loops, among others. We also present a semantics for L c and prove that L c is both sound and complete.
As an application to the FPCC project, I have implemented L c on top of the SPARC machine language and used L c 's rules to verify the soundness of the instruction rules of a full-fledged low-level typed assembly language—LTAL. This demonstrates L c 's applicability of verifying properties of machine-language programs.
Cited By
- Ahmed A, Appel A, Richards C, Swadi K, Tan G and Wang D (2010). Semantic foundations for typed assembly languages, ACM Transactions on Programming Languages and Systems (TOPLAS), 32:3, (1-67), Online publication date: 1-Mar-2010.
- Appel A, Melliès P, Richards C and Vouillon J (2007). A very modal model of a modern, major, general type system, ACM SIGPLAN Notices, 42:1, (109-122), Online publication date: 17-Jan-2007.
- Appel A, Melliès P, Richards C and Vouillon J A very modal model of a modern, major, general type system Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages, (109-122)
- Feng X, Ni Z, Shao Z and Guo Y An open framework for foundational proof-carrying code Proceedings of the 2007 ACM SIGPLAN international workshop on Types in languages design and implementation, (67-78)
- Saabas A and Uustalu T (2007). A compositional natural semantics and Hoare logic for low-level languages, Theoretical Computer Science, 373:3, (273-302), Online publication date: 30-Mar-2007.
- Ni Z and Shao Z Certified assembly programming with embedded code pointers Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages, (320-333)
- Ni Z and Shao Z (2006). Certified assembly programming with embedded code pointers, ACM SIGPLAN Notices, 41:1, (320-333), Online publication date: 12-Jan-2006.
- Saabas A and Uustalu T Compositional type systems for stack-based low-level languages Proceedings of the 12th Computing: The Australasian Theroy Symposium - Volume 51, (27-39)
- Saabas A and Uustalu T Compositional type systems for stack-based low-level languages Proceedings of the Twelfth Computing: The Australasian Theory Symposium - Volume 51, (27-39)
- Tan G and Appel A A compositional logic for control flow Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation, (80-94)
Index Terms
- A compositional logic for control flow and its application in foundational proof-carrying code
Recommendations
A Syntactic Approach to Foundational Proof-Carrying Code
Proof-carrying code (PCC) is a general framework for verifying the safety properties of machine-language programs. PCC proofs are usually written in a logic extended with language-specific typing rules; they certify safety but only if there is no bug in ...
A Syntactic Approach to Foundational Proof-Carrying Code
LICS '02: Proceedings of the 17th Annual IEEE Symposium on Logic in Computer ScienceProof-Carrying Code (PCC) is a general framework for verifying the safety properties of machine-language programs. PCC proofs are usually written in a logic extended with language-specific typing rules. In Foundational Proof-Carrying Code (FPCC), on the ...