ABSTRACT
In this paper, we introduce a model-checking-based certification technique called search-carrying code (SCC). SCC is an adaptation of the principles of proof-carrying code, in which program certification is reduced to checking a provided safety proof. In SCC, program certification is an efficient re-examination of a program's state space. A code producer, who offers a program for use, provides a search script that encodes a search of the program's state space. A code consumer, who wants to certify that the program fits her needs, uses the search script to direct how a model checker searches the program's state space.
Basic SCC achieves slight reductions in certification time, but it can be optimized in two important ways. (1) When a program comes from a trusted source, SCC certification can forgo authenticating the provided search script and instead optimize for speed of certification. (2) The search script can be partitioned into multiple partial certification tasks of roughly equal size, which can be performed in parallel. Using parallel model checking, we reduce the certification times by a factor of up to n, for n processors. When certifying a program from a trusted source, we reduce the certification times by a factor of up to 5n, for n processors.
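The producer/consumer split and the two optimizations described above, as an added toy illustration that is not the paper's tool: the transition system (a two-process mutual-exclusion protocol), the script format (the producer's DFS visitation order), and the consumer's checks are all constructed assumptions for this example.

```python
# Toy search-carrying code (SCC) demo: constructed model, script format and checks;
# not the paper's tool. Producer ships its DFS visitation order as the search script.
INIT = (0, 0)  # two processes, each idle(0) / trying(1) / critical(2)

def successors(state, guarded=True):
    """Next states; guarded=False lets a process enter critical while the other is."""
    out = []
    for i in (0, 1):
        nxt = (state[i] + 1) % 3           # idle -> trying -> critical -> idle
        if nxt == 2 and guarded and state[1 - i] == 2:
            continue                        # guard: wait while the other is critical
        s = list(state)
        s[i] = nxt
        out.append(tuple(s))
    return out

def mutex(state):  # safety property: never both processes in critical
    return not (state[0] == 2 and state[1] == 2)

def produce_script(guarded=True):
    """Producer: depth-first search, recording each state once in visitation order."""
    script, seen, stack = [], {INIT}, [INIT]
    while stack:
        s = stack.pop()
        script.append(s)
        for t in successors(s, guarded):
            if t not in seen:
                seen.add(t)
                stack.append(t)
    return script

def certify_chunk(chunk, scripted, prop, trusted, guarded):
    """One partial certification task. In untrusted mode it also authenticates the
    script: each successor of a scripted state must itself be scripted, so a set
    closed under successors that contains INIT covers every reachable state."""
    for s in chunk:
        if not prop(s):
            return False
        if not trusted and any(t not in scripted for t in successors(s, guarded)):
            return False
    return True

def certify(script, prop=mutex, trusted=False, n=1, guarded=True):
    """Consumer: split the script into n roughly equal independent tasks (they could
    run on n processors) and combine the verdicts. Trusted mode skips authentication."""
    if not script or script[0] != INIT:
        return False
    scripted = set(script)
    return all(certify_chunk(script[i::n], scripted, prop, trusted, guarded) for i in range(n))
```

A truncated script from an untrusted producer fails the closure check, while the same script passes in trusted mode, which is exactly the trade-off the trusted-source optimization accepts.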