
Certifying Temporal Properties for Compiled C Programs

  • Conference paper
Verification, Model Checking, and Abstract Interpretation (VMCAI 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2937)

Abstract

We investigate the certification of temporal properties of untrusted code. This kind of certification has many potential applications, including high-confidence extension of operating system kernels. The size of a traditional, proof-based certificate tends to expand drastically because of the state explosion problem. Abstraction-carrying Code (ACC) obtains smaller certificates at the expense of an increased verification time. In addition, a single ACC certificate may be used to certify multiple properties. ACC uses an abstract interpretation of the mobile program as a certificate. A client receiving the code and the certificate will first validate the abstraction and then run a model checker to verify the temporal property.

We have developed ACCEPT/C, a certifier of reachability properties for an intermediate language program compiled from C source code, demonstrating the practicality of ACC. Novel aspects of our implementation include: 1) the use of a Boolean program as a certificate; 2) the preservation of Boolean program abstraction during compilation; 3) the encoding of the Boolean program as program assertions in the intermediate program; and 4) the semantics-based validation of the Boolean program via a verification condition generator (VCGen). Our experience of applying ACCEPT/C to real programs, including Linux and NT drivers, shows a significant reduction in certificate size compared to other techniques of similar expressive power; the time spent on model checking is reasonable.
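The two-phase consumer side that the abstract describes (validate the Boolean-program certificate against the code's semantics, then model-check the property on the Boolean program) can be illustrated on a toy. The following is an added example and is not ACCEPT/C or any code from the paper: it uses a constructed four-location program over two small-domain integers, a hand-chosen predicate set, existential predicate abstraction to build the Boolean program, and exhaustive state enumeration as a stand-in for the VCGen-based validation (the enumeration is only feasible because the domain is tiny). The names `build_boolean_program`, `validate_certificate`, `abstract_reachable` and `certify` are this example's own.

```python
"""Toy abstraction-carrying-code pipeline (constructed illustration)."""
from collections import deque
from itertools import product

DOMAIN = range(4)        # both variables range over 0..3 (constructed)
VARS = ("x", "n")
ERR = "ERR"              # error location of the reachability property


def concrete_transitions():
    """Constructed program:  x = 0; while (x < n) x++; assert(x == n);
    Each entry is (src_loc, guard, update, dst_loc) over a dict state."""
    return [
        (0, lambda s: True,             lambda s: {**s, "x": 0},         1),
        (1, lambda s: s["x"] < s["n"],  lambda s: {**s, "x": s["x"] + 1}, 1),
        (1, lambda s: s["x"] >= s["n"], lambda s: s,                     2),
        (2, lambda s: s["x"] != s["n"], lambda s: s,                     ERR),
        (2, lambda s: s["x"] == s["n"], lambda s: s,                     3),
    ]


# Predicate sets: a precise one and a deliberately coarse one (constructed).
PREDS = (("x<n", lambda s: s["x"] < s["n"]),
         ("x==n", lambda s: s["x"] == s["n"]))
COARSE = (PREDS[0],)


def all_states():
    for vals in product(DOMAIN, repeat=len(VARS)):
        yield dict(zip(VARS, vals))


def abstract(state, preds):
    """Predicate valuation of a concrete state (the Boolean-program state)."""
    return tuple(fn(state) for _name, fn in preds)


def build_boolean_program(transitions, preds):
    """Producer side: existential predicate abstraction. The returned set of
    abstract edges (src, valuation, dst, valuation') is the certificate."""
    edges = set()
    for src, guard, update, dst in transitions:
        for s in all_states():
            if guard(s):
                edges.add((src, abstract(s, preds), dst, abstract(update(s), preds)))
    return frozenset(edges)


def validate_certificate(transitions, preds, edges):
    """Consumer side: every concrete step must be simulated by an edge of the
    Boolean program, otherwise the certificate is unsound. Enumeration stands
    in for discharging verification conditions. Returns the first concrete
    step the certificate fails to cover, or None if all are covered."""
    for src, guard, update, dst in transitions:
        for s in all_states():
            if guard(s):
                edge = (src, abstract(s, preds), dst, abstract(update(s), preds))
                if edge not in edges:
                    return edge
    return None


def abstract_reachable(edges, preds, init_loc=0, target=ERR):
    """Consumer side: BFS reachability on the Boolean program. Every predicate
    valuation is allowed at init_loc, a sound over-approximation of the
    unknown initial concrete state."""
    init = {(init_loc, b) for b in product((False, True), repeat=len(preds))}
    succ = {}
    for src, b, dst, b2 in edges:
        succ.setdefault((src, b), set()).add((dst, b2))
    seen, queue = set(init), deque(init)
    while queue:
        loc, b = queue.popleft()
        if loc == target:
            return True
        for nxt in succ.get((loc, b), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def certify(transitions, preds, edges):
    """Full consumer check: reject an unsound certificate, otherwise report
    whether the error location is unreachable in the validated abstraction."""
    missing = validate_certificate(transitions, preds, edges)
    if missing is not None:
        return f"rejected: certificate does not cover step {missing!r}"
    if abstract_reachable(edges, preds):
        return "unproven: error location reachable in the abstraction"
    return "certified: error location unreachable"


if __name__ == "__main__":
    prog = concrete_transitions()
    cert = build_boolean_program(prog, PREDS)
    print(len(cert), "abstract edges;", certify(prog, PREDS, cert))
    tampered = frozenset(e for e in cert if e[2] != 1)   # edges into loc 1 dropped
    print(certify(prog, PREDS, tampered))
    print(certify(prog, COARSE, build_boolean_program(prog, COARSE)))
```

Running it shows the three outcomes a consumer distinguishes: the precise certificate validates and the model checker finds the error location unreachable; a tampered certificate is rejected at validation before any model checking (an untrusted producer cannot smuggle in an unsound abstraction); and a certificate built from too few predicates validates but leaves a spurious path to the error location, so the property remains unproven. That last case is the precision-versus-size trade-off behind the abstract's remark that ACC buys smaller certificates at the cost of more consumer-side verification work.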




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xia, S., Hook, J. (2004). Certifying Temporal Properties for Compiled C Programs. In: Steffen, B., Levi, G. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2004. Lecture Notes in Computer Science, vol 2937. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24622-0_15


  • DOI: https://doi.org/10.1007/978-3-540-24622-0_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20803-7

  • Online ISBN: 978-3-540-24622-0

  • eBook Packages: Springer Book Archive
