A Certifying Compiler and Pointer Logic. Zhaopeng Li, Software Security Lab, Department of Computer Science and Technology, University of Science and Technology of China.


A Certifying Compiler and Pointer Logic. Zhaopeng Li, Software Security Lab, Department of Computer Science and Technology, University of Science and Technology of China. October 8, 2008. Towards Building Trusted Software.

Outline: Motivation; Research Goals; Our Work (A Certifying Compiler, PointerC Language, Pointer Logic); Summary; Future Work.

Motivation. Software safety problems: the C language is widely used and there is a large body of legacy C code, but it is not easy to write safe code with pointers. One solution is program verification: program + annotation + proof.

Motivation (cont.). Hoare logic, built on the Hoare triple {P} C {Q}, is hard to use for reasoning about pointer programs. Separation logic targets low-level code, or high-level code with restrictions, and adds the separating conjunction P * Q. The question this talk asks: can we have a Hoare-like logic for the C language itself? (The slide's figure shows a pointer p into a list cell l1.)

Research Goals. Verification for C pointer programs: design a C-like language; design a logic; design a certifying compiler that generates code together with its proof; minimize the trusted computing base.


Our Certifying Compiler. The source-level certifying system takes PointerC source code with specifications and, using the pointer logic, a VCGen and a prover, produces source code + specifications + proof. The certifying compiler proper consists of a code compiler and a proof compiler; it translates that into assembly code + assembly specifications + assembly proof.

Our Certifying Compiler (cont.). Prototypes: plcc ver1.0 and plcc ver2.0. Improvements in ver2.0: a built-in theorem prover; support for limited pointer arithmetic; support for more data structures, such as the doubly-linked list.

Supported Programs. Singly-linked and doubly-linked lists: traversal, reversal, delete, insert, create, clear. Binary trees: traversal, rotate, delete, insert.

Evaluation.

PointerC Language. PointerC is a subset of the C language with pointer types and explicit memory management (malloc/free). Main constraints: pointer arithmetic is limited; no union type; no type cast; …

Pointer Logic: Motivation. PointerC typing rules carry side conditions, so a logic proof system is needed to reason about source programs with complex pointer aliasing. Example rule: from Γ ⊢ p : ptr(struct(…; x: int; …)) conclude Γ ⊢ p->x : int, with the side condition valid(p). Why not separation logic?

Pointer Logic (cont.). Why not separation logic? Consider deleting the node after p in a singly-linked list, with struct List { int data; struct List *next; }:

    /* List_delete.c */
    void list_delete(struct List *p) {
        struct List *q;
        q = p->next;
        p->next = p->next->next;
        free(q);
    }

    /* List_delete_trans.c */
    void list_delete_trans(struct List *p) {
        struct List *q, *t;
        q = p->next;
        t = q->next;
        p->next = t;
        free(q);
    }

Separation logic has no rule for a statement like p->next = p->next->next, whose right-hand side is a long access path; the program first has to be transformed into List_delete_trans.c, where the path is split through the temporary t. It also has no rule for inferring the aliasing between p->next, q and t. (The slide's figure shows p, q and t pointing into the list, whose last next field is NULL.)

Basic Ideas. Collect precise pointer information at each program point. Pointer classification: the valid pointer set, the null pointer set and the dangling pointer set, plus equalities between valid pointers.

Specification. The specification at a program point is the pointer information; the information is concise!

Specification (cont.). Separation logic, for comparison: access paths are short; low-level addresses appear in assertions; and addresses are what associate the different heaps.

Expressivity. Current applications: singly-linked list, doubly-linked list, binary tree. Graphs? Equality between pointers is not certain there, so graphs cannot be expressed in the current pointer logic; they are not well supported in separation logic either.

Expressivity (cont.). The singly-linked list has a flat version and an inductive version. The singly-linked list in separation logic, flat version: p points to a chain of cells ending in nil, and p, l1, l2, …, l(n-1) are distinct!
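For reference, the standard separation-logic list predicate behind the slide's flat and inductive versions, added here as an illustration; this is Reynolds-style separation logic, not the pointer-logic formulas of the slides, which the transcript does not contain. Inductive version:

$$\mathrm{list}(p) \;\equiv\; (p = \mathrm{nil} \wedge \mathrm{emp}) \;\vee\; \big(\exists l.\; p \mapsto (\_,\, l) \,*\, \mathrm{list}(l)\big)$$

Unrolled n times, the flat version:

$$p \mapsto (\_,\, l_1) \,*\, l_1 \mapsto (\_,\, l_2) \,*\, \cdots \,*\, l_{n-1} \mapsto (\_,\, \mathrm{nil})$$

Because the separating conjunction requires its conjuncts to describe disjoint heap cells, p, l1, …, l(n-1) are distinct without saying so; that is the point the slide makes. A logic with precise pointer information has to carry such distinctness, and the equalities between valid pointers, explicitly in its assertions.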

Inference Rules. Hoare-logic-like rules {P} C {Q} that extend Hoare logic: calculate the pointer information Q from P.

Memory Leak. When the only pointer p to a heap cell is overwritten (the slide's figure shows p and NULL), the cell leaks. The assignment axiom of Hoare logic allows this. Separation logic has no rule for this case. Pointer logic must use precise assertions to rule out this case.
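To make the basic ideas concrete (pointer classification at each program point, rules that compute Q from P, and the leak check of the last three slides), here is a toy forward calculator of pointer information for a fragment of PointerC. It is an added example written for this page, not the USTC plcc prototype; the statement encoding, the PointerError class, the abstract cell ids and the reachability-based leak check are assumptions of this example. It runs the two list-deletion programs from the earlier slide on a constructed 3-cell list and shows that the long access path p->next->next is handled directly, that q is dangling after free(q) while p->next == t holds, and that an assignment which drops the last reference to a cell is rejected where Hoare's assignment axiom would accept it.

```python
from collections import deque

NULL = "NULL"          # the null pointer
DANGLING = "DANGLING"  # a pointer to a freed cell


class PointerError(Exception):
    """Raised where no rule of the toy logic applies (assumption of this example)."""


class State:
    """Pointer information at one program point: abstract heap plus environment."""

    def __init__(self):
        self.cells = {}   # cell id -> {pointer field -> cell id | NULL | DANGLING}
        self.env = {}     # variable -> cell id | NULL | DANGLING
        self.next_id = 0

    # The three pointer sets and the equality relation of the slides.
    def valid(self):
        return {v for v, t in self.env.items() if isinstance(t, int)}

    def null(self):
        return {v for v, t in self.env.items() if t == NULL}

    def dangling(self):
        return {v for v, t in self.env.items() if t == DANGLING}

    def equal(self, path_a, path_b):
        """True iff both access paths are valid and name the same cell."""
        a, b = self.eval_path(path_a), self.eval_path(path_b)
        return isinstance(a, int) and a == b

    def eval_path(self, path):
        """path = (var, field, ...), e.g. ("p", "next", "next") for p->next->next.
        Every pointer dereferenced along the way must be valid."""
        var, *fields = path
        if var not in self.env:
            raise PointerError(f"{var} is uninitialised")
        t = self.env[var]
        for f in fields:
            if not isinstance(t, int):
                raise PointerError(f"dereference of non-valid pointer in {'->'.join(path)}")
            if f not in self.cells[t]:
                raise PointerError(f"field {f} of cell {t} is uninitialised")
            t = self.cells[t][f]
        return t

    def exec(self, stmt):
        """Compute the information Q after stmt from the information P (= self)."""
        if stmt[0] == "assign":  # ("assign", lhs_path, rhs), rhs a path, NULL or "malloc"
            _, lhs, rhs = stmt
            if rhs == "malloc":
                value, self.next_id = self.next_id, self.next_id + 1
                self.cells[value] = {}  # fields start uninitialised
            elif rhs == NULL:
                value = NULL
            else:
                value = self.eval_path(rhs)
                if value == DANGLING:
                    raise PointerError(f"copy of dangling pointer {'->'.join(rhs)}")
            if len(lhs) == 1:
                self.env[lhs[0]] = value
            else:  # store through lhs[:-1], which must be a valid pointer
                cid = self.eval_path(lhs[:-1])
                if not isinstance(cid, int):
                    raise PointerError(f"store through non-valid pointer {'->'.join(lhs[:-1])}")
                self.cells[cid][lhs[-1]] = value
        elif stmt[0] == "free":  # ("free", path)
            cid = self.eval_path(stmt[1])
            if not isinstance(cid, int):
                raise PointerError(f"free of non-valid pointer {'->'.join(stmt[1])}")
            del self.cells[cid]
            # Every remaining pointer to the freed cell, in a variable or a field, is now dangling.
            for v, t in self.env.items():
                if t == cid:
                    self.env[v] = DANGLING
            for fields in self.cells.values():
                for f, t in fields.items():
                    if t == cid:
                        fields[f] = DANGLING
        else:
            raise PointerError(f"no rule for statement {stmt}")
        self.check_no_leak(stmt)
        return self

    def check_no_leak(self, stmt):
        """Precise assertions rule out leaks: every allocated cell must stay reachable."""
        reach, work = set(), deque(t for t in self.env.values() if isinstance(t, int))
        while work:
            c = work.popleft()
            if c not in reach:
                reach.add(c)
                work.extend(t for t in self.cells[c].values() if isinstance(t, int))
        lost = set(self.cells) - reach
        if lost:
            raise PointerError(f"memory leak after {stmt}: cells {sorted(lost)} unreachable")

    def run(self, program):
        for stmt in program:
            self.exec(stmt)
        return self


def list_of(n, var="p"):
    """Constructed precondition: var is a valid pointer to a singly-linked list of n cells."""
    st = State()
    for i in range(n):
        st.cells[i] = {"next": i + 1 if i + 1 < n else NULL}
    st.next_id = n
    st.env[var] = 0 if n else NULL
    return st


# The two programs from the slides, encoded as statements of the toy language.
LIST_DELETE = [                                         # List_delete.c
    ("assign", ("q",), ("p", "next")),                  # q = p->next;
    ("assign", ("p", "next"), ("p", "next", "next")),   # p->next = p->next->next;
    ("free", ("q",)),                                   # free(q);
]
LIST_DELETE_TRANS = [                                   # List_delete_trans.c
    ("assign", ("q",), ("p", "next")),                  # q = p->next;
    ("assign", ("t",), ("q", "next")),                  # t = q->next;
    ("assign", ("p", "next"), ("t",)),                  # p->next = t;
    ("free", ("q",)),                                   # free(q);
]


def analyse(program, n=3):
    """Pointer information after running program on an n-cell list (raises on a violation)."""
    return list_of(n).run(program)


def violation(program, n=3):
    """The error message if some rule is violated, else None."""
    try:
        list_of(n).run(program)
    except PointerError as e:
        return str(e)
    return None


if __name__ == "__main__":
    st = analyse(LIST_DELETE_TRANS)
    print("valid:", st.valid(), "dangling:", st.dangling(), "p->next == t:", st.equal(("p", "next"), ("t",)))
    print(violation([("assign", ("p",), NULL)], n=1))                      # leak: Hoare's axiom would allow it
    print(violation(LIST_DELETE + [("assign", ("t",), ("q", "next"))]))    # use after free
```

The leak check is deliberately the crude part: it rejects any statement after which some allocated cell is unreachable from the valid pointers, which is exactly the "precise assertion" discipline the slide describes, and is why `p = NULL` on the only pointer to a cell is refused while the deletion programs pass.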

Comparison with Separation Logic. Common features: both extend Hoare logic and both deal with pointer programs. Differences: high-level vs low-level; pointer logic can deal with long access paths; precise information vs information hiding; memory leaks are ruled out by different means.


Summary. A certifying compiler: a theorem prover for pointer logic; generates code with proof. A pointer logic: verification of PointerC pointer programs; Hoare-logic-like rules; comparison with separation logic.

Future Work. PointerC language extension: more language features; unlimited pointer arithmetic. Pointer logic extension: deal with more data structures, such as DAGs; pointer logic for Java (static garbage detection etc.); concurrent programming. A realistic certifying compiler: verify some code of a mini-OS.

Thanks! Questions?