Certificate translation for optimizing compilers

Published: 03 July 2009

Abstract

Proof Carrying Code provides trust in mobile code by requiring certificates that ensure that the code adheres to specific conditions. The prominent approach to generating certificates for compiled code is Certifying Compilation, which automatically generates certificates for simple safety properties.

In this work, we present Certificate Translation, a novel extension for standard compilers that automatically transforms formal proofs of more expressive and complex properties of the source program into certificates for the compiled code.

The article outlines the principles of certificate translation, instantiated for a nonoptimizing compiler and for standard compiler optimizations, in the context of an intermediate RTL language.


Reviews

Prahladavaradan Sampath

Compiler verification is an important special case of program verification. It deals with correctness proofs of a program (compiler) that translates input programs into output programs. Barthe et al. tackle an interesting amalgam of the generic and specific by building a framework for translating proofs of assertions for source programs into equivalent proofs for the compiled programs. The paper is set in the context of a proof-carrying code framework. It addresses the technical problem of generating proofs for programs that have undergone optimization transformations that induce, in general, transformations in both assertions and their proofs. The paper assumes that a source program is already certified (that is, it already contains all necessary proofs for assertions) and that certifying analyzers exist that can generate proofs for analysis results. Another mild but technically crucial assumption made is that the programs are well annotated; this assumption induces an induction principle that is essential for proofs in the paper. For each optimization step, assertions in the program are strengthened with program analysis information. Proofs of source program assertions are then translated into proofs of the strengthened properties in the optimized program. Barthe et al. show how this can be achieved for a range of optimizations, including function inlining, register allocation, and dead code elimination. This paper's mainly theoretical contribution is based on a simplistic register transfer language that is extended with assertions. It is well written and presents the basic concepts clearly. Barthe et al. are one step closer to the ultimate goal of trusted computing.

Source: Online Computing Reviews Service

Published in

ACM Transactions on Programming Languages and Systems, Volume 31, Issue 5 (June 2009), 152 pages.
ISSN: 0164-0925. EISSN: 1558-4593. DOI: 10.1145/1538917.
Copyright © 2009 ACM.

Publisher

Association for Computing Machinery, New York, NY, United States.

Publication History

  • Published: 3 July 2009
  • Accepted: 1 November 2008
  • Revised: 1 April 2008
  • Received: 1 October 2007

Qualifiers

  • research-article
  • Research
  • Refereed
