Abstract
Today, software is traded worldwide on global markets, with apps being downloaded to smartphones within minutes or seconds. This poses, more than ever, the challenge of ensuring safety of software in the face of (1) unknown or untrusted software providers together with (2) resource-limited software consumers. The concept of Proof-Carrying Code (PCC), years ago suggested by Necula, provides one framework for securing the execution of untrusted code. PCC techniques attach safety proofs, constructed by software producers, to code. Based on the assumption that checking proofs is usually much simpler than constructing proofs, software consumers should thus be able to quickly check the safety of software. However, PCC techniques often suffer from the size of certificates (i.e., the attached proofs), making PCC techniques inefficient in practice.
In this article, we introduce a new framework for the safe execution of untrusted code called Programs from Proofs (PfP). The basic assumption underlying the PfP technique is the fact that the structure of programs significantly influences the complexity of checking a specific safety property. Instead of attaching proofs to program code, the PfP technique transforms the program into an efficiently checkable form, thus guaranteeing quick safety checks for software consumers. For this transformation, the technique also uses a producer-side automatic proof of safety. More specifically, safety proving for the software producer proceeds via the construction of an abstract reachability graph (ARG) unfolding the control-flow automaton (CFA) up to the degree necessary for simple checking. To this end, we combine different sorts of software analysis: expensive analyses incrementally determining the degree of unfolding, and cheap analyses responsible for safety checking. Out of the abstract reachability graph we generate the new program. In its CFA structure, it is isomorphic to the graph and hence another, this time consumer-side, cheap analysis can quickly determine its safety.
Like PCC, Programs from Proofs is a general framework instantiable with different sorts of (expensive and cheap) analysis. Here, we present the general framework and exemplify it by some concrete examples. We have implemented different instantiations on top of the configurable program analysis tool CPAchecker and report on experiments, in particular on comparisons with PCC techniques.
- Elvira Albert, Germán Puebla, and Manuel Hermenegildo. 2005. Abstraction-carrying code. In Logic for Programming, Artificial Intelligence, and Reasoning, Franz Baader and Andrei Voronkov (Eds.). Lecture Notes in Computer Science, Vol. 3452. Springer, Berlin, 380--397. DOI:http://dx.doi.org/ 10.1007/978-3-540-32275-7_25 Google ScholarCross Ref
- Glenn Ammons and James R. Larus. 2004. Improving data-flow analysis with path profiles. SIGPLAN Not. 39, 4 (Apr. 2004), 568--582. DOI:http://dx.doi.org/10.1145/989393.989451 Google ScholarDigital Library
- Torben Amtoft, Josiah Dodds, Zhi Zhang, Andrew Appel, Lennart Beringer, John Hatcliff, Xinming Ou, and Andrew Cousino. 2012. A certificate infrastructure for machine-checked proofs of conditional information flow. In Proceedings of the 1st International Conference on Principles of Security and Trust (POST’12). Springer-Verlag, Berlin, 369--389. DOI:http://dx.doi.org/10.1007/978-3-642-28641-4_20 Google ScholarDigital Library
- Gogul Balakrishnan, Sriram Sankaranarayanan, Franjo Ivančić, and Aarti Gupta. 2009. Refining the control structure of loops using static analysis. In Proceedings of the 7th ACM International Conference on Embedded Software (EMSOFT’09). ACM, New York, NY, 49--58. DOI:http://dx.doi.org/10.1145/1629335.1629343 Google ScholarDigital Library
- Gogul Balakrishnan, Sriram Sankaranarayanan, Franjo Ivančić, Ou Wei, and Aarti Gupta. 2008. SLR: Path-sensitive analysis through infeasible-path detection and syntactic language refinement. In Static Analysis, María Alpuente and Germán Vidal (Eds.). Lecture Notes in Computer Science, Vol. 5079. Springer, Berlin , 238--254. DOI:http://dx.doi.org/10.1007/978-3-540-69166-2_16 Google ScholarDigital Library
- John Barnes. 2012. SPARK - The Proven Approach to High Integrity Software. Altran Praxis. http://www.altran.co.uk, UK.Google Scholar
- Joseph L. Bates and Robert L. Constable. 1985. Proofs as programs. ACM Trans. Program. Lang. Syst. 7, 1 (Jan. 1985), 113--136. DOI:http://dx.doi.org/10.1145/2363.2528 Google ScholarDigital Library
- Lujo Bauer, Michael A. Schneider, Edward W. Felten, and Andrew W. Appel. 2003. Access control on the web using proof-carrying authorization. In Proceedings of the DARPA Information Survivability Conference and Exposition, 2003, Vol. 2. IEEE, 117--119. DOI:http://dx.doi.org/10.1109/DISCEX.2003.1194942 Google ScholarCross Ref
- Holger Benl, Ulrich Berger, Helmut Schwichtenberg, Monika Seisenberger, and Wolfgang Zuber. 1998. Proof theory at work: Program development in the minlog system. In Automated Deduction: A Basis for Applications, Wolfgang Bibel and Peter H. Schmitt (Eds.). Applied Logic Series, Vol. 9. Springer, Netherlands, 41--71. DOI:http://dx.doi.org/10.1007/978-94-017-0435-9_2 Google ScholarCross Ref
- Stefan Berghofer. 2003. Program extraction in simply-typed higher order logic. In Types for Proofs and Programs, Herman Geuvers and Freek Wiedijk (Eds.). Lecture Notes in Computer Science, Vol. 2646. Springer, Berlin, 21--38. DOI:http://dx.doi.org/10.1007/3-540-39185-1_2 Google ScholarCross Ref
- Dirk Beyer. 2015. Software verification and verifiable witnesses. In Tools and Algorithms for the Construction and Analysis of Systems, Christel Baier and Cesare Tinelli (Eds.). Lecture Notes in Computer Science, Vol. 9035. Springer, Berlin, 401--416. DOI:http://dx.doi.org/10.1007/978-3-662-46681-0_31 Google ScholarDigital Library
- Dirk Beyer, Adam J. Chlipala, Thomas A. Henzinger, Ranjit Jhala, and Rupak Majumdar. 2004. The BLAST query language for software verification. In Static Analysis, Roberto Giacobazzi (Ed.). Lecture Notes in Computer Science, Vol. 3148. Springer, Berlin, 2--18. DOI:http://dx.doi.org/10.1007/978-3-540-27864-1_2 Google ScholarCross Ref
- Dirk Beyer, Thomas A. Henzinger, and Grégory Théoduloz. 2007. Configurable software verification: Concretizing the convergence of model checking and program analysis. In Computer Aided Verification, Werner Damm and Holger Hermanns (Eds.). Lecture Notes in Computer Science, Vol. 4590. Springer, Berlin, 504--518. DOI:http://dx.doi.org/10.1007/978-3-540-73368-3_51 Google ScholarCross Ref
- Dirk Beyer and M. Erkan Keremoglu. 2011. CPAchecker: A tool for configurable software verification. In Computer Aided Verification, Ganesh Gopalakrishnan and Shaz Qadeer (Eds.). Lecture Notes in Computer Science, Vol. 6806. Springer, Berlin, 184--190. DOI:http://dx.doi.org/10.1007/978-3-642-22110-1_16 Google ScholarCross Ref
- Dirk Beyer, M. Erkan Keremoglu, and Philipp Wendler. 2010. Predicate abstraction with adjustable-block encoding. In Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design (FMCAD’10). FMCAD, Austin, TX, 189--198.Google ScholarDigital Library
- Dirk Beyer and Stefan Löwe. 2013. Explicit-state software model checking based on CEGAR and interpolation. In Fundamental Approaches to Software Engineering, Vittorio Cortellessa and Dániel Varró (Eds.). Lecture Notes in Computer Science, Vol. 7793. Springer, Berlin, 146--162. DOI:http://dx.doi.org/10.1007/978-3-642-37057-1_11 Google ScholarDigital Library
- Dirk Beyer, Stefan Löwe, Evgeny Novikov, Andreas Stahlbauer, and Philipp Wendler. 2013. Precision reuse for efficient regression verification. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering (ESEC/FSE’13). ACM, New York, NY, 389--399. DOI:http://dx.doi.org/ 10.1145/2491411.2491429 Google ScholarDigital Library
- Dirk Beyer, Stefan Löwe, and Philipp Wendler. 2015a. Benchmarking and resource measurement. In Proceedings of Model Checking Software: 22nd International Symposium (SPIN’15), Bernd Fischer and Jaco Geldenhuys (Eds.), Lecture Notes of Computer Science, Vol. 9232. Springer International Publishing, Cham, 160--178. Google ScholarDigital Library
- Dirk Beyer, Stefan Löwe, and Philipp Wendler. 2015b. Refinement selection. In Proceedings of Model Checking Software: 22nd International Symposium (SPIN’15), Bernd Fischer and Jaco Geldenhuys (Eds.). Lecture Notes in Computer Science, Vol. 9232. Springer International Publishing, Cham, 20--38. DOI:http://dx.doi.org/10.1007/978-3-319-23404-5_3 Google ScholarDigital Library
- Dirk Beyer, Stefan Löwe, and Philipp Wendler. 2015c. Sliced path prefixes: An effective method to enable refinement selection. In Formal Techniques for Distributed Objects, Components, and Systems, Susanne Graf and Mahesh Viswanathan (Eds.). Lecture Notes in Computer Science, Vol. 9039. Springer International Publishing, Cham, 228--243. DOI:http://dx.doi.org/10.1007/978-3-319-19195-9_15 Google ScholarCross Ref
- Sandrine Blazy, David Bühler, and Boris Yakobowski. 2014. Improving static analyses of C programs with conditional predicates. In Formal Methods for Industrial Critical Systems, Frédéric Lang and Francesco Flammini (Eds.). Lecture Notes in Computer Science, Vol. 8718. Springer International Publishing, 140--154. DOI:http://dx.doi.org/10.1007/978-3-319-10702-8_10 Google ScholarCross Ref
- William J. Brown, Raphael C. Malveau, Hays W. McCormick III, and Thomas J. Mowbray. 1998. AntiPatterns: Refactoring Software, Architectures, and Projects in Crisis. John Wiley 8 Sons, New York, NY.Google ScholarDigital Library
- Oliver Burn (founder). 2015. Checkstyle Retrieved from http://checkstyle.sourceforge.net/.Google Scholar
- Alessandro Cimatti, Alberto Griggio, Bastiaan Joost Schaafsma, and Roberto Sebastiani. 2013. The MathSAT5 SMT solver. In Tools and Algorithms for the Construction and Analysis of Systems, Nir Piterman and Scott A. Smolka (Eds.). Lecture Notes in Computer Science, Vol. 7795. Springer, Berlin, 93--107. DOI:http://dx.doi.org/10.1007/978-3-642-36742-7_7 Google ScholarDigital Library
- Edmund Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, and Helmut Veith. 2000. Counterexample-guided abstraction refinement. In Computer Aided Verification, E. Allen Emerson and Aravinda Prasad Sistla (Eds.). Lecture Notes in Computer Science, Vol. 1855. Springer, Berlin, 154--169. DOI:http://dx.doi.org/10.1007/10722167_15 Google ScholarCross Ref
- Byron Cook, Eric Koskinen, and Moshe Vardi. 2011. Temporal property verification as a program analysis task. In Computer Aided Verification, Ganesh Gopalakrishnan and Shaz Qadeer (Eds.). Lecture Notes in Computer Science, Vol. 6806. Springer, Berlin, 333--348. DOI:http://dx.doi.org/ 10.1007/978-3-642-22110-1_26 Google ScholarCross Ref
- Patrick Cousot and Radhia Cousot. 1977. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL’77). ACM, New York, NY, 238--252. DOI:http://dx.doi.org/10.1145/512950.512973 Google ScholarDigital Library
- Patrick Cousot, Pierre Ganty, and Jean-François Raskin. 2007. Fixpoint-guided abstraction refinements. In Static Analysis, Hanne Riis Nielson and Gilberto Filé (Eds.). Lecture Notes in Computer Science, Vol. 4634. Springer, Berlin, 333--348. DOI:http://dx.doi.org/10.1007/978-3-540-74061-2_21 Google ScholarCross Ref
- Karl Crary and Stephanie Weirich. 2000. Resource bound certification. In Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’00). ACM, New York, NY, 184--198. DOI:http://dx.doi.org/10.1145/325694.325716 Google ScholarDigital Library
- Pascal Cuoq, Florent Kirchner, Nikolai Kosmatov, Virgile Prevosto, Julien Signoles, and Boris Yakobowski. 2012. Frama-C. In Software Engineering and Formal Methods, George Eleftherakis, Mike Hinchey, and Mike Holcombe (Eds.). Lecture Notes in Computer Science, Vol. 7504. Springer, Berlin, 233--247. DOI:http://dx.doi.org/10.1007/978-3-642-33826-7_16 Google ScholarDigital Library
- Manuvir Das, Sorin Lerner, and Mark Seigle. 2002. ESP: Path-sensitive program verification in polynomial time. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation (PLDI’02). ACM, New York, NY, 57--68. DOI:http://dx.doi.org/10.1145/512529.512538 Google ScholarDigital Library
- Dinakar Dhurjati, Manuvir Das, and Yue Yang. 2006. Path-sensitive dataflow analysis with iterative refinement. In Static Analysis, Kwangkeun Yi (Ed.). Lecture Notes in Computer Science, Vol. 4134. Springer, Berlin, 425--442. DOI:http://dx.doi.org/ 10.1007/11823230_27 Google ScholarDigital Library
- Stefanie Drzevitzky, Uwe Kastens, and Marco Platzner. 2009. Proof-Carrying Hardware: Towards runtime verification of reconfigurable modules. In Proceedings of the International Conference on Reconfigurable Computing and FPGAs, 2009 (ReConFig’09). IEEE, 189--194. DOI:http://dx.doi.org/10.1109/ReConFig.2009.31 Google ScholarDigital Library
- Eitan Farchi, Yarden Nir, and Shmuel Ur. 2003. Concurrent bug patterns and how to test them. In Proceedings of the 17th International Symposium on Parallel and Distributed Processing (IPDPS’03). IEEE Computer Society, 286.2. DOI:http://dx.doi.org/10.1109/IPDPS.2003.1213511 Google ScholarCross Ref
- Jeffrey Fischer, Ranjit Jhala, and Rupak Majumdar. 2005. Joining dataflow with predicates. In Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE-13). ACM, New York, NY, 227--236. DOI:http://dx.doi.org/10.1145/1081706.1081742 Google ScholarDigital Library
- Susanne Graf and Hassen Saidi. 1997. Construction of abstract state graphs with PVS. In Computer Aided Verification, Orna Grumberg (Ed.). Lecture Notes in Computer Science, Vol. 1254. Springer, Berlin, 72--83. DOI:http://dx.doi.org/10.1007/3-540-63166-6_10 Google ScholarCross Ref
- Jan F. Groote, Tim W. D. M. Kouters, and Ammar Osaiweran. 2015. Specification guidelines to avoid the state space explosion problem. Software Test. Verification Reliability 25, 1 (2015), 4--33. DOI:http://dx.doi.org/10.1002/stvr.1536 Google ScholarDigital Library
- Bhargav S. Gulavani and Sriram K. Rajamani. 2006. Counterexample driven refinement for abstract interpretation. In Tools and Algorithms for the Construction and Analysis of Systems, Holger Hermanns and Jens Palsberg (Eds.). Lecture Notes in Computer Science, Vol. 3920. Springer, Berlin, 474--488. DOI:http://dx.doi.org/10.1007/11691372_34 Google ScholarDigital Library
- Sumit Gulwani, Sagar Jain, and Eric Koskinen. 2009. Control-flow refinement and progress invariants for bound analysis. In Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’09). ACM, New York, NY, 375--385. DOI:http://dx.doi.org/ 10.1145/1542476.1542518 Google ScholarDigital Library
- Mary W. Hall, John M. Mellor-Crummey, Alan Carle, and René G. Rodríguez. 1994. FIAT: A framework for interprocedural analysis and transformation. In Languages and Compilers for Parallel Computing, Utpal Banerjee, David Gelernter, Alex Nicolau, and David Padua (Eds.). Lecture Notes in Computer Science, Vol. 768. Springer, Berlin, 522--545. DOI:http://dx.doi.org/10.1007/3-540-57659-2_30 Google ScholarCross Ref
- Mark Harman, Lin Hu, Rob Hierons, Joachim Wegener, Harmen Sthamer, André Baresel, and Marc Roper. 2004. Testability transformation. IEEE Trans. Software Eng. 30, 1 (Jan. 2004), 3--16. DOI:http://dx.doi.org/10.1109/TSE.2004.1265732 Google ScholarDigital Library
- Matthias Heizmann, Jochen Hoenicke, and Andreas Podelski. 2009. Refinement of trace abstraction. In Static Analysis, Jens Palsberg and Zhendong Su (Eds.). Lecture Notes in Computer Science, Vol. 5673. Springer, Berlin, 69--85. DOI:http://dx.doi.org/10.1007/978-3-642-03237-0_7 Google ScholarDigital Library
- Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Kenneth L. McMillan. 2004. Abstractions from proofs. In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’04). ACM, New York, NY, 232--244. DOI:http://dx.doi.org/10.1145/964001.964021 Google ScholarDigital Library
- Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Marco A.A. Sanvido. 2003. Extreme model checking. In Verification: Theory and Practice, Nachum Dershowitz (Ed.). Lecture Notes in Computer Science, Vol. 2772. Springer, Berlin, 332--358. DOI:http://dx.doi.org/10.1007/978-3-540-39910-0_16 Google ScholarCross Ref
- Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Grégoire Sutre. 2002a. Lazy abstraction. In Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’02). ACM, New York, NY, 58--70. DOI:http://dx.doi.org/10.1145/503272.503279 Google ScholarDigital Library
- Thomas A. Henzinger, George C. Necula, Ranjit Jhala, Grégoire Sutre, Rupak Majumdar, and Westley Weimer. 2002b. Temporal-safety proofs for systems code. In Computer Aided Verification, Ed Brinksma and Kim Guldstrand Larsen (Eds.). Lecture Notes in Computer Science, Vol. 2404. Springer, Berlin, 526--538. DOI:http://dx.doi.org/10.1007/3-540-45657-0_45 Google ScholarCross Ref
- Shin Hong and Moonzoo Kim. 2013. Effective pattern-driven concurrency bug detection for operating systems. J. Syst. Software 86, 2 (2013), 377--388. DOI:http://dx.doi.org/10.1016/j.jss.2012.08.063 Google ScholarDigital Library
- David Hovemeyer and William Pugh. 2004. Finding bugs is easy. SIGPLAN Not. 39, 12 (Dec. 2004), 92--106. DOI:http://dx.doi.org/10.1145/1052883.1052895 Google ScholarDigital Library
- William A. Howard. 1969. The formulae-as-types notion of construction. (1969). Reprinted in To H. B. Curry: Essays on Combinatory Logic, Lambda Calculus and Formalism, J. P. Seldin and J. R. Hindley (Eds). Academic Press, 1980.Google Scholar
- Sebastian Hunt and David Sands. 2006. On flow-sensitive security types. In Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’06). ACM, New York, NY, 79--90. DOI:http://dx.doi.org/10.1145/1111037.1111045 Google ScholarDigital Library
- IBM Research. 2015. T.J. Watson Libraries for Analysis (WALA) Retrieved from http://wala.sourceforge.net.Google Scholar
- Joxan Jaffar and Vijayaraghavan Murali. 2014. A path-sensitively sliced control flow graph. In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE’14). ACM, New York, NY, 133--143. DOI:http://dx.doi.org/10.1145/2635868.2635884 Google ScholarDigital Library
- Marie-Christine Jakobs. 2015. Speed up configurable certificate validation by certificate reduction and partitioning. In Software Engineering and Formal Methods, Radu Calinescu and Bernhard Rumpe (Eds.). Lecture Notes in Computer Science, Vol. 9276. Springer International Publishing, 159--174. DOI:http://dx.doi.org/10.1007/978-3-319-22969-0_12 Google ScholarCross Ref
- Marie-Christine Jakobs and Heike Wehrheim. 2014. Certification for configurable program analysis. In Proceedings of the 2014 International SPIN Symposium on Model Checking of Software (SPIN’14). ACM, New York, NY, 30--39. DOI:http://dx.doi.org/10.1145/2632362.2632372 Google ScholarDigital Library
- Marie-Christine Jakobs and Heike Wehrheim. 2015. Programs from Proofs of predicated dataflow analyses. In Proceedings of the 30th Annual ACM Symposium on Applied Computing (SAC’15). ACM, New York, NY, 1729--1736. DOI:http://dx.doi.org/10.1145/2695664.2695690 Google ScholarDigital Library
- Bertrand Jeannet and Antoine Miné. 2009. Apron: A library of numerical abstract domains for static analysis. In Computer Aided Verification, Ahmed Bouajjani and Oded Maler (Eds.). Lecture Notes in Computer Science, Vol. 5643. Springer, Berlin, 661--667. DOI:http://dx.doi.org/10.1007/978-3-642-02658-4_52 Google ScholarDigital Library
- Ranjit Jhala and Rupak Majumdar. 2009. Software model checking. ACM Comput. Surv. 41, 4, Article 21 (Oct. 2009), 54 pages.Google Scholar
- Ralph E. Johnson, Erich Gamma, John Vlissides, and Richard Helm. 1995. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Longman Publishing Co., Boston, MA.Google ScholarDigital Library
- John B. Kam and Jeffrey D. Ullman. 1977. Monotone data flow analysis frameworks. Acta Inform. 7, 3 (1977), 305--317. DOI:http://dx.doi.org/10.1007/BF00290339 Google ScholarDigital Library
- Gary A. Kildall. 1973. A unified approach to global program optimization. In Proceedings of the 1st Annual ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL’73). ACM, New York, NY, 194--206. DOI:http://dx.doi.org/10.1145/512927.512945 Google ScholarDigital Library
- Kelvin Ku, Thomas E. Hart, Marsha Chechik, and David Lie. 2007. A buffer overflow benchmark for software model checkers. In Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE’07). ACM, New York, NY, 389--392. DOI:http://dx.doi.org/10.1145/1321631.1321691 Google ScholarDigital Library
- Xavier Leroy. 2002. Bytecode verification on Java smart cards. Software: Pract. Exper. 32, 4 (2002), 319--340. DOI:http://dx.doi.org/10.1002/spe.438 Google ScholarDigital Library
- Pierre Letouzey. 2003. A new extraction for Coq. In Types for Proofs and Programs, Herman Geuvers and Freek Wiedijk (Eds.). Lecture Notes in Computer Science, Vol. 2646. Springer, Berlin, 200--219. DOI:http://dx.doi.org/10.1007/3-540-39185-1_12 Google ScholarCross Ref
- Pierre Letouzey. 2008. Extraction in Coq: An overview. In Logic and Theory of Algorithms, Arnold Beckmann, Costas Dimitracopoulos, and Benedikt Löwe (Eds.). Lecture Notes in Computer Science, Vol. 5028. Springer, Berlin, 359--369. DOI:http://dx.doi.org/10.1007/978-3-540-69407-6_39 Google ScholarDigital Library
- Vivien Maisonneuve. 2012. Convex invariant refinement by control node splitting: A heuristic approach. Electronic Notes Theor. Comput. Sci. 288 (2012), 49--59. DOI:http://dx.doi.org/10.1016/j.entcs.2012.10.007 Proceedings of the 3rd International Workshop on Numerical and Symbolic Abstract Domains, {NSAD} 2011. Google ScholarDigital Library
- Kedar S. Namjoshi. 2001. Certifying model checkers. In Computer Aided Verification, Gérard Berry, Hubert Comon, and Alain Finkel (Eds.). Lecture Notes in Computer Science, Vol. 2102. Springer, Berlin, 2--13. DOI:http://dx.doi.org/10.1007/3-540-44585-4_2 Google ScholarCross Ref
- George C. Necula. 1997. Proof-Carrying Code. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’97). ACM, New York, NY, 106--119. DOI:http://dx.doi.org/10.1145/263699.263712 Google ScholarDigital Library
- George C. Necula and Peter Lee. 1998. Safe, untrusted agents using Proof-Carrying Code. In Mobile Agents and Security, Giovanni Vigna (Ed.). Lecture Notes in Computer Science, Vol. 1419. Springer, Berlin, 61--91. DOI:http://dx.doi.org/10.1007/3-540-68671-1_5 Google ScholarCross Ref
- George C. Necula, Scott McPeak, and Westley Weimer. 2002. CCured: Type-safe retrofitting of legacy code. In Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’02). ACM, New York, NY, 128--139. DOI:http://dx.doi.org/10.1145/503272.503286 Google ScholarDigital Library
- Flemming Nielson, Hanne R. Nielson, and Chris Hankin. 1999. Principles of Program Analysis. Springer-Verlag New York, Secaucus, NJ. Google ScholarCross Ref
- Doron Peled and Lenore Zuck. 2001. From model checking to a temporal proof. In Model Checking Software, Matthew Dwyer (Ed.). Lecture Notes in Computer Science, Vol. 2057. Springer, Berlin, 1--14. DOI:http://dx.doi.org/10.1007/3-540-45139-0_1 Google ScholarCross Ref
- Xavier Rival and Laurent Mauborgne. 2007. The trace partitioning abstract domain. ACM Trans. Program. Lang. Syst. 29, 5, Article 26 (Aug. 2007), 51 pages. DOI:http://dx.doi.org/10.1145/1275497.1275501 Google ScholarDigital Library
- Eva Rose. 2003. Lightweight bytecode verification. J. Autom. Reason. 31, 3--4 (2003), 303--334. DOI:http://dx.doi.org/10.1023/B:JARS.0000021015.15794.82 Google ScholarDigital Library
- Sriram Sankaranarayanan and Franjo Ivančić. 2013. NECLA Static Analysis Benchmarks (necla-static-small) v1.1 Retrieved from http://www.nec-labs.com/research/system/systems_SAV-website/small_static_ bench-v1.1.tar.gz.Google Scholar
- Sriram Sankaranarayanan, Franjo Ivančić, Ilya Shlyakhter, and Aarti Gupta. 2006. Static analysis in disjunctive numerical domains. In Static Analysis, Kwangkeun Yi (Ed.). Lecture Notes in Computer Science, Vol. 4134. Springer, Berlin, 3--17. DOI:http://dx.doi.org/10.1007/11823230_2 Google ScholarDigital Library
- Paul B. Schneck. 1973. A survey of compiler optimization techniques. In Proceedings of the ACM Annual Conference (ACM’73). ACM, New York, NY, 106--113. DOI:http://dx.doi.org/10.1145/800192.805690 Google ScholarDigital Library
- Ondrej Sery, Grigory Fedyukovich, and Natasha Sharygina. 2012. Interpolation-based function summaries in bounded model checking. In Hardware and Software: Verification and Testing, Kerstin Eder, João Lourenço, and Onn Shehory (Eds.). Lecture Notes in Computer Science, Vol. 7261. Springer, Berlin, 160--175. DOI:http://dx.doi.org/10.1007/978-3-642-34188-5_15 Google ScholarDigital Library
- Rahul Sharma, Isil Dillig, Thomas Dillig, and Alex Aiken. 2011. Simplifying loop invariant generation using splitter predicates. In Computer Aided Verification, Ganesh Gopalakrishnan and Shaz Qadeer (Eds.). Lecture Notes in Computer Science, Vol. 6806. Springer, Berlin, 703--719. DOI:http://dx.doi.org/10.1007/978-3-642-22110-1_57 Google ScholarCross Ref
- Bernhard Steffen. 1996. Property-oriented expansion. In Static Analysis, Radhia Cousot and David A. Schmidt (Eds.). Lecture Notes in Computer Science, Vol. 1145. Springer, Berlin, 22--41. DOI:http://dx.doi.org/10.1007/3-540-61739-6_31 Google ScholarCross Ref
- Aditya Thakur and R. Govindarajan. 2008. Comprehensive path-sensitive data-flow analysis. In Proceedings of the 6th Annual IEEE/ACM International Symposium on Code Generation and Optimization (CGO’08). ACM, New York, NY, 55--63. DOI:http://dx.doi.org/10.1145/1356058.1356066 Google ScholarDigital Library
- Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot - A Java bytecode optimization framework. In Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research (CASCON’99). IBM Press, 13--23.Google ScholarDigital Library
- Chao Wang, Zijiang Yang, Aarti Gupta, and Franjo Ivančić. 2007. Using counterexamples for improving the precision of reachability computation with polyhedra. In Computer Aided Verification, Werner Damm and Holger Hermanns (Eds.). Lecture Notes in Computer Science, Vol. 4590. Springer, Berlin, 352--365. DOI:http://dx.doi.org/10.1007/978-3-540-73368-3_40 Google ScholarCross Ref
- Kirsten Winter, Chenyi Zhang, Ian J. Hayes, Nathan Keynes, Cristina Cifuentes, and Lian Li. 2013. Path-sensitive data flow analysis simplified. In Formal Methods and Software Engineering, Lindsay Groves and Jing Sun (Eds.). Lecture Notes in Computer Science, Vol. 8144. Springer, Berlin, 415--430. DOI:http://dx.doi.org/10.1007/978-3-642-41202-8_27 Google ScholarCross Ref
- Daniel Wonisch, Alexander Schremmer, and Heike Wehrheim. 2013. Programs from Proofs -- A PCC alternative. In Computer Aided Verification, Natasha Sharygina and Helmut Veith (Eds.). Lecture Notes in Computer Science, Vol. 8044. Springer, Berlin, 912--927. DOI:http://dx.doi.org/10.1007/978-3-642-39799-8_65 Google ScholarCross Ref
- Daniel Wonisch and Heike Wehrheim. 2012. Predicate analysis with block-abstraction memoization. In Formal Methods and Software Engineering, Toshiaki Aoki and Kenji Taguchi (Eds.). Lecture Notes in Computer Science, Vol. 7635. Springer, Berlin, 332--347. DOI:http://dx.doi.org/10.1007/978-3-642-34281-3_24 Google ScholarDigital Library
- Xiang Yin, John C. Knight, Elisabeth A. Nguyen, and Westley Weimer. 2008. Formal verification by reverse synthesis. In Proceedings of the 27th International Conference on Computer Safety, Reliability, and Security (SAFECOMP’08), Michael D. Harrison and Mark-Alexander Sujan (Eds.). Lecture Notes in Computer Science, Vol. 5219. Springer, Berlin, 305--319. DOI:http://dx.doi.org/10.1007/978-3-540-87698-4_26 Google ScholarDigital Library
- Xiang Yin, John C. Knight, and Westley Weimer. 2009. Exploiting refactoring in formal verification. In Proceedings of the 2009 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’09). IEEE Computer Society, 53--62. DOI:http://dx.doi.org/10.1109/DSN.2009.5270355 Google ScholarCross Ref
- Sai Zhang and Jianjun Zhao. 2007. On identifying bug patterns in aspect-oriented programs. In Proceedings of the 31st Annual International Computer Software and Applications Conference, 2007 (COMPSAC’07)., Vol. 1. IEEE, 431--438. DOI:http://dx.doi.org/10.1109/COMPSAC.2007.159 Google ScholarDigital Library
Index Terms
- Programs from Proofs: A Framework for the Safe Execution of Untrusted Software
Recommendations
Programs from proofs of predicated dataflow analyses
SAC '15: Proceedings of the 30th Annual ACM Symposium on Applied Computing"Programs from Proofs" is a generic method which generates new programs out of correctness proofs of given programs. The technique ensures that the new and given program are behaviorally equivalent and that the new program is easily verifiable, thus ...
Code-carrying theory
SAC '08: Proceedings of the 2008 ACM symposium on Applied computingCode-Carrying Theory (CCT) is an alternative to the Proof-Carrying Code (PCC) approach to secure delivery of code. With PCC, code is accompanied by assertions and a proof of correctness or of other required properties. The code consumer does not accept ...
An Abstract Interpretation-based Approach to Mobile Code Safety
Recent approaches to mobile code safety, like proof-carrying code, involve associating safety information to programs. The code supplier provides a program and also includes with it a certificate (or proof) whose validity entails compliance with a ...
Comments