Skip to main content
Springer Nature Link
Log in

Certified Static Analysis by Abstract Interpretation

  • Chapter
Foundations of Security Analysis and Design V (FOSAD 2009, FOSAD 2007, FOSAD 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5705))

  • 1385 Accesses

Abstract

A certified static analysis is an analysis whose semantic validity has been formally proved correct with a proof assistant. We propose a tutorial on building a certified static analysis in Coq. We study a simple bytecode language for which we propose an interval analysis that allows to verify statically that no array-out-of-bounds accesses will occur.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  • Barthe, G., Dufay, G.: A tool-assisted framework for certified bytecode verification. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 99–113. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  • Barthe, G., Dufay, G., Huisman, M., de Sousa, S.M.: Jakarta: A toolset for reasoning about javaCard. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 2–18. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  • Barthe, G., Dufay, G., Jakubiec, L., Serpette, B.P., de Sousa, S.M.: A formal executable semantics of the javaCard platform. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 302–319. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  • Bertot, Y.: Structural abstract interpretation, a formal study using Coq. In: LERNET Summer School. LNCS. Springer, Heidelberg (2008)

    Google Scholar 

  • Bertot, Y., Grégoire, B., Leroy, X.: A structured approach to proving compiler optimizations based on dataflow analysis. In: Filliâtre, J.-C., Paulin-Mohring, C., Werner, B. (eds.) TYPES 2004. LNCS, vol. 3839, pp. 66–81. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  • Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proc. of POPL 1977, pp. 238–252. ACM Press, New York (1977)

    Google Scholar 

  • Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: Proc. of POPL 1979, pp. 269–282. ACM Press, New York (1979)

    Google Scholar 

  • Cousot, P., Cousot, R.: Abstract interpretation and application to logic programs. Journal of Logic Programming 13(2-3), 103–179 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  • Cousot, P., Cousot, R.: Abstract interpretation frameworks. Journal of Logic and Computation 2(4), 511–547 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  • Coupet-Grimal, S., Delobel, W.: A uniform and certified approach for two static analyses. In: Filliâtre, J.-C., Paulin-Mohring, C., Werner, B. (eds.) TYPES 2004. LNCS, vol. 3839, pp. 115–137. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  • Cachera, D., Jensen, T., Pichardie, D., Rusu, V.: Extracting a data flow analyser in constructive logic. Theoretical Computer Science 342(1), 56–78 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  • Cachera, D., Jensen, T., Pichardie, D., Schneider, G.: Certified Memory Usage Analysis. In: Fitzgerald, J.S., Hayes, I.J., Tarlecki, A. (eds.) FM 2005. LNCS, vol. 3582, pp. 91–106. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  • Coq development team. The Coq proof assistant reference manual V8.2. Technical report, INRIA, France (2009), http://coq.inria.fr/doc/main.html

  • Cousot, P.: The calculational design of a generic abstract interpreter. In: Broy, M., Steinbrüggen, R. (eds.) Calculational System Design. NATO ASI Series F. IOS Press, Amsterdam (1999)

    Google Scholar 

  • Klein, G., Nipkow, T.: Verified Bytecode Verifiers. Theoretical Computer Science 298(3), 583–626 (2002)

    Article  MathSciNet  MATH  Google Scholar 

  • Klein, G., Nipkow, T.: A machine-checked model for a Java-like language, virtual machine and compiler. ACM Transactions on Programming Languages and Systems 28(4), 619–695 (2006)

    Article  Google Scholar 

  • Lee, D.K., Crary, K., Harper, R.: Towards a mechanized metatheory of standard ml. In: Proc. of POPL 2007, pp. 173–184. ACM Press, New York (2007)

    Google Scholar 

  • Leroy, X.: Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In: Proc. of POPL 2006, pp. 42–54. ACM Press, New York (2006)

    Google Scholar 

  • McGraw, G., Felten, E.W.: Securing Java: getting down to business with mobile code. John Wiley & Sons, Inc., Chichester (1999)

    Google Scholar 

  • Monniaux, D.: Réalisation mécanisée d’interpréteurs abstraits. Rapport de DEA, Université Paris VII (1998) (in french)

    Google Scholar 

  • Pichardie, D.: Interprétation abstraite en logique intuitionniste: extraction d’analyseurs Java certifiés. PhD thesis, Université Rennes 1 (2005) (in french)

    Google Scholar 

  • Pichardie, D.: Building certified static analysers by modular construction of well-founded lattices. In: Proc. of FICS 2008. Electronic Notes in Theoretical Computer Science, vol. 212, pp. 225–239 (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. INRIA Rennes, Campus de Beaulieu, 35042, Rennes Cedex, France

    Frédéric Besson & David Pichardie

  2. ENS Cachan (Bretagne), Campus de Ker Lann, 35170, Bruz, France

    David Cachera

  3. CNRS, Campus de Beaulieu, 35042, Rennes Cedex, France

    Thomas Jensen

Authors
  1. Frédéric Besson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David Cachera
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Jensen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. David Pichardie
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Istituto di Scienze e Tecnologie dell’Informazione, Università degli Studi di Urbino “Carlo Bo”, Piazza della Repubblica 13, 61029, Urbino, Italy

    Alessandro Aldini

  2. IMDEA Software, UPM Facultad de Informatica, Campus Montegancedo, 28660, Boadilla del Monte, Madrid, Spain

    Gilles Barthe

  3. Dipartimento di Scienze dell’Informazione, Università degli Studi di Bologna, Mura Anteo Zamboni 7, 40127, Bologna, Italy

    Roberto Gorrieri

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Besson, F., Cachera, D., Jensen, T., Pichardie, D. (2009). Certified Static Analysis by Abstract Interpretation. In: Aldini, A., Barthe, G., Gorrieri, R. (eds) Foundations of Security Analysis and Design V. FOSAD FOSAD FOSAD 2009 2007 2008. Lecture Notes in Computer Science, vol 5705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03829-7_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03829-7_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03828-0

  • Online ISBN: 978-3-642-03829-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics