Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.


1 Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute

2 Outline
- Introduction
- Proof-Carrying Code (PCC)
- Code-Carrying Proofs (CCP)
- Sample CCP session
- Future Work

3 Potential Problems to be Solved
- Memory Safety: illegal operations or illegal access to memory
- Security: unauthorized access to data or system resources
- Functional Correctness: whether the code correctly does what it is formally required to do

4 Two Solutions
- Proof-Carrying Code (PCC)
- Code-Carrying Proofs (CCP)

5 Proof-Carrying Code (PCC)
- Developed by Necula and Lee [1996] at CMU.
- Basic Idea: Use machine-checkable proofs as certificates.
- Proof construction is harder than proof checking:
  - Code producer provides the proof
  - Code consumer checks it

6 PCC
[Diagram: the PCC architecture, recovered from the slide's box labels]
Code Producer: Source Code -> Touchstone Compiler -> Native Code With Annotations -> VCGen -> Verification Condition -> Theorem Prover (Safety Policy) -> Safety Proof
Code Consumer: Native Code With Annotations -> VCGen -> Verification Condition; Proof Checker (Safety Policy, Safety Proof) -> Ok -> CPU

7 PCC Tampered
[Diagram: as on slide 6, with a Hacker altering the Native Code With Annotations in transit; the consumer's VCGen produces a Verification Condition that may change, and the Proof Checker answers No]
- Tampered code is not delivered to the CPU
- But safety is still guaranteed if the code is modified in such a way that the VC is unchanged

8 PCC Tampered
[Diagram: as on slide 6, with a Hacker altering the Safety Proof in transit; the Proof Checker answers No]
- The proof is either invalid or is not the proof of the VC

9 PCC Tampered
[Diagram: as on slide 6, with a Hacker altering both the Native Code With Annotations and the Safety Proof in transit; the Verification Condition may change, the Proof Checker answers Ok, and the code reaches the CPU]
- Safety is guaranteed if the tampered proof is the proof of the new VC

10 Foundational PCC
- Developed by Appel [2000] at Princeton
- VCGen is a large program. Replace it!
- Basic Idea:
  - Define the semantics of the machine instructions and safety rules
  - Use foundational mathematical logic instead of programming-language-specific axioms or safety rules
  - No particular type system

11 Foundational PCC
- Prove w.r.t. the formal machine language semantics
- Operates at a very low level of abstraction
- It does reduce dependency on a large program (VCGen), but this is true for CCP also

12 Code-Carrying Proofs (CCP)
- Start with axioms that define functions
- The form of the axioms is such that it is easy to extract executable code from them
- Prove that the defined functions obey certain requirements
- The producer transmits:
  - Axioms
  - The correctness theorems
  - And their proofs

13 Code-Carrying Proofs (CCP)
- No explicit code transmission
- The consumer checks the proofs to see if the correctness theorem is proved
- If proof checking succeeds, the consumer applies the code extractor to the axioms and obtains the executable code

14 Code-Carrying Proofs (CCP)
- CCP attempts to solve the Functional Correctness problem
- We are dealing with a higher-level language

15 CCP
[Diagram: the CCP architecture, recovered from the slide's box labels]
Code Producer: Requirements -> Theorem Prover -> Axioms & Theorems with their Proofs; transmitted as Axioms & Proofs
Code Consumer: Requirements, Axioms & Proofs -> Proof Checker -> Axioms & Theorems -> Code Extractor -> Code -> CPU

16 CCP Tampered
[Diagram: as on slide 15, with a Hacker altering the Axioms & Proofs in transit]
Code Consumer: Tampered Axioms & Proofs -> Proof Checker (Failed Proofs) -> Code Extractor (No Code); nothing reaches the CPU

17 Issues
- Encoding axioms and proofs
- Proof Checking
- Tests to be applied by the consumer to new function definitions (definitional principle):
  - Syntactic Property
  - Consistency
  - Termination
- Implementing the Code Extractor

18 Athena
- Implemented by K. Arkoudas
- A language for both:
  - Ordinary Computation
  - Logical Deduction

19 Athena: Ordinary Computation Language
- Provides higher-order functions
- Has primitive functions for:
  - Unification
  - Matching
  - Substitution

20 Athena: Logical Language
- Special Deductive Forms: dcheck, dbegin, assume, ...
- Primitive Deduction Methods: mp, both, left-and, ...
- Declarations: structure, declare, ...
- Directives: load-file, clear-assumption-base, ...

21 Athena Advantages
- Better Proof Readability
- Machine-checkable proofs
- Makes it possible to formulate and write proofs as methods
- Generic Proofs: write the proof once and instantiate it to prove specific cases

22 Code Extractor
- Quantified Equations and Conditional Equations
- These are clauses of a recursive function definition
- CE has to be able to combine these into a recursive function


25 Code Extractor
- CE can extract pure functions; it is not capable of extracting destructive functions
- Example Functions: searching functions, sum
- It cannot handle functions like: in-place reverse, sort
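As an added illustration (not code from the talk, from Athena, or from the author's code extractor), here is a toy code extractor in Python for the idea on slides 17, 22 and 25: a function exists only as its defining axioms over a list datatype (nil | cons(h, t)), the consumer first runs simplified versions of the three definitional-principle tests (syntactic shape, consistency, termination by structural recursion) and only then combines the clauses into an executable recursive function. The clause encoding, the names `match`, `check_definition` and `extract`, and the use of Python expressions for conditions and bodies are all assumptions of this example.

```python
import ast

def match(pat, val):                              # bindings for one argument, or None
    if not isinstance(pat, tuple):                # a variable matches anything
        return {pat: val}
    if pat[0] == "nil":
        return {} if val == [] else None
    return {pat[1]: val[0], pat[2]: val[1:]} if val else None   # cons(h, t)

def check_definition(fn, clauses):
    """Simplified definitional-principle tests: syntax, consistency, termination."""
    arity, unconditional = len(clauses[0][0]), set()
    for pats, cond, body in clauses:
        if len(pats) != arity:                    # syntactic: one fixed arity
            raise ValueError(f"{fn}: clause arity mismatch")
        smaller = {v for p in pats if isinstance(p, tuple) for v in p[1:]}
        shape = tuple(p[0] if isinstance(p, tuple) else "_" for p in pats)
        if cond is None:                          # consistency: at most one
            if shape in unconditional:            # unconditional clause per case
                raise ValueError(f"{fn}: overlapping clauses for {shape}")
            unconditional.add(shape)
        for node in ast.walk(ast.parse(body)):    # termination: a recursive call
            if isinstance(node, ast.Call) and getattr(node.func, "id", None) == fn \
                    and not any(isinstance(a, ast.Name) and a.id in smaller for a in node.args):
                raise ValueError(f"{fn}: recursive call not on a sub-term")
    return True

def extract(fn, clauses):
    """Combine the checked clauses into one executable recursive function."""
    check_definition(fn, clauses)
    def f(*args):
        for pats, cond, body in clauses:
            env = {}
            for p, a in zip(pats, args):
                b = match(p, a)
                if b is None: break
                env.update(b)
            else:                                 # every pattern matched
                env[fn] = f                       # recursive calls go to f itself
                if cond is None or eval(cond, {}, env):
                    return eval(body, {}, env)
        raise ValueError(f"{fn}: no clause covers {args}")
    return f

# constructed axiom sets: the slide's sum and search examples, plus a non-terminating one
SUM = [((("nil",),), None, "0"), ((("cons", "h", "t"),), None, "h + sum(t)")]
SEARCH = [(("x", ("nil",)), None, "False"),
          (("x", ("cons", "h", "t")), "x == h", "True"),
          (("x", ("cons", "h", "t")), "x != h", "search(x, t)")]
LOOP = [((("nil",),), None, "0"), ((("cons", "h", "t"),), None, "loop([h] + t)")]
```

The consumer never receives code for `sum` or `search`; it receives the clause lists, checks them, and extracts the functions itself, while `LOOP` is rejected before any code exists.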

26 Code Extractor
- We have been working on simple functions. But:
- In analogy to STL, it is useful to have a library of simple functions from which more complex functions can be composed, especially if the functions are generic
- It is possible for the code extractor to extract complex functions composed of such simple functions

27 Future Work
- New Definitions and Tests to be applied
- Defining Memory
- More Proof Examples
- Improving the Code Extractor
- Memory Safety
- Generic Proofs and Proof Packaging
