Skip to main content Accessibility help
×
×
Home

Modular development of certified program verifiers with a proof assistant1,2

  • ADAM CHLIPALA (a1)
Abstract

We report on an experience using the Coq proof assistant to develop a program verification tool with a machine-checked proof of full correctness. The verifier is able to prove memory safety of x86 machine code programs compiled from code that uses algebraic datatypes. The tool's soundness theorem is expressed in terms of the bit-level semantics of x86 programs, so its correctness depends on very few assumptions. We take advantage of Coq's support for programming with dependent types and modules in the structure of the development. The approach is based on developing a library of reusable functors for transforming a verifier at one level of abstraction into a verifier at a lower level. Using this library, it is possible to prototype a verifier based on a new type system with a minimal amount of work, while obtaining a very strong soundness theorem about the final product.

Copyright
Footnotes
Hide All
1

This is a revised and extended version of the paper that appeared in the 11th ACM SIGPLAN International Conference on Functional Programming (ICFP'06) (Chlipala 2006).

2

This research was supported in part by a National Defense Science and Engineering Graduate Fellowship and National Science Foundation Grants CCF-0524784, CCR-0234689, CNS-0509544, and CCR-0225610.

Footnotes
References
Hide All
Appel, Andrew W. (2001) Foundational proof-carrying code. In LICS '01: Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science. Boston, MA, USA, pp. 247256.
Bertot, Yves. (2001) Formalizing a JVML verifier for initialization in a theorem prover. In CAV '01: Proceedings of the 13th International Conference on Computer Aided Verification. Paris, France, pp. 14–24.
Bertot, Yves & Castéran, Pierre. (2004) Interactive Theorem Proving and Program Development. Coq'Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. Springer Verlag, Berlin.
Besson, Frée}déeric, Jensen, Thomas & Pichardie, David. (2006) Proof-carrying code from certified abstract interpretation and fixpoint compression. Theor. Comput. Sci. 364 (3), 273291.
Chang, Bor-Yuh Evan, Chlipala, Adam, Necula, George C. & Schneck, Robert R. (January 2005) The {open} {verifier framework for foundational verifiers. In TLDI'05: Proceedings of the 2nd ACM Workshop on Types in Language Design and Implementation, Long Beach, CA, USA.
Cachera, David, Jensen, Thomas, Pichardie, David & Rusu, Vlad. (2005) Extracting a data flow analyser in constructive logic. Theor. Comput. Sci., 342 (1), 5678.
Chang, Bor-Yuh Evan, Chlipala, Adam & Necula, George C. (2006) A framework for certified program analysis and its applications to mobile-code safety. In VMCAI '06: Proceedings of the Seventh International Conference on Verification, Model Checking, and Abstract Interpretation. Charleston, South Carolina, USA, pp. 174–189.
Chen, Chiyan & Xi, Hongwei. (2005) Combining programming with theorem proving. In ICFP '05: Proceedings of the Tenth ACM SIGPLAN International Conference on Functional Programming. Tallinn, Estonia, pp. 66–77.
Chlipala, Adam. (2006) Modular development of certified program verifiers with a proof assistant. In ICFP '06: Proceedings of the Eleventh ACM SIGPLAN International Conference on Functional Programming. Portland, OR, USA, pp. 160–171.
Cousot, Patrick & Cousot, Radhia. (1977) Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In POPL'77: Proceedings of the 4th ACM Symposium on Principles of Programming Languages. Los Angeles, CA, USA, pp. 234–252.
Crary, Karl. (2003) Toward a foundational typed assembly language. In POPL '03: Proceedings of the 30th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. New Orleans, LA, USA, pp. 198–212.
Delahaye, David. (2000) A tactic language for the system Coq. In LPAR '00: Proceedings of the 7th International Conference on Logic for Programming and Automated Reasoning. Reunion Island, France, pp. 85–95.
Detlefs, David L., Leino, K. Rustan, M., Nelson, Greg & Saxe, James B. (1998) Extended static checking. In SRC Research Report 159. Compaq Systems Research Center, Palo Alto.
Dijkstra, Edsger W. (1976) A Discipline of Programming. Englewood Cliffs, NJ: Prentice Hall PTR.
Feng, Xinyu, Ni, Zhaozhong, Shao, Zhong & Guo, Yu. (January 2007) An open framework for foundational proof-carrying code. In TLDI'07: Proceedings of the 2007 ACM SIGPLAN International Workshop on Types in Language Design and Implementation. Nice, France, pp. 67–78.
Filliatre, Jean-Christophe & Letouzey, Pierre. (2004) Functors for proofs and programs. In ESOP '04: Proceedings of the 13th European Symposium on Programming. Barcelona, Spain, pp. 370–384.
Giménez, Eduardo. (1995) Codifying guarded definitions with recursive schemes. In TYPES '94: Selected Papers from the International Workshop on Types for Proofs and Programs, Båstad, Sweden, pp. 39–59.
Hamid, Nadeem A., Shao, Zhong, Trifonov, Valery, Monnier, Stefan & Ni, Zhaozhong. (2003) A syntactic approach to foundational proof-carrying code. J. Automated Reasoning 31 (3–4), 191229.
Intel. (2006) IA-32 Intel Architecture Software Developer's Manual, Vol. 2: Instruction set reference.
Klein, Gerwin & Nipkow, Tobias. (2001) Verified lightweight bytecode verification. Concurrency – Practice and Experience 13 (1), 11331151.
Lerner, Sorin, Millstein, Todd, Rice, Erika & Chambers, Craig. (2005) Automated soundness proofs for dataflow analyses and transformations via local rules. In POPL '05: Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Long Beach, CA, USA, pp. 364–377.
Leroy, Xavier. (2006a) Coinductive big-step operational semantics. In ESOP '06: Proceedings of the 15th European Symposium on Programming. Vienna, Austria, pp. 54–68.
Leroy, Xavier. (2006b) Formal certification of a compiler back-end or: Programming a compiler with a proof assistant. In POPL '06: Conference record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Charleston, SC, USA, pp. 42–54.
MacQueen, David. (1984) Modules for standard ML. In LFP '84: Proceedings of the 1984 ACM Symposium on LISP and Functional Programming. Austin, TX, USA, pp. 198–207.
Martin-Löf, Per. (1996) On the meanings of the logical constants and the justifications of the logical laws. Nordic J. Philos. Logic 1 (1), 1160.
McBride, Conor & McKinna, James. (2004) The view from the left. J. Funct. Programming 14 (1), 69111.
Morrisett, Greg, Crary, Karl, Glew, Neal, Grossman, Dan, Samuels, Richard, Smith, Frederick, Walker, David, Weirich, Stephanie & Zdancewic, Steve. (1999b) TALx86: A realistic typed assembly language. In Proceedings of the 1999 ACM SIGPLAN Workshop on Compiler Support for System Software. Atlanta, GA, USA, pp. 25–35.
Morrisett, Greg, Crary, Karl, Glew, Neal & Walker, David. (2003) Stack-based typed assembly language. J. Funct. Programming 13 (5), 957959.
Morrisett, Greg, Walker, David, Crary, Karl & Glew, Neal. (1999a) From system F to typed assembly language. ACM Trans. Programming Languages Syst. 21 (3), 527568.
Necula, George C. (1997) Proof-carrying code. In POPL '97: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Paris, France, pp. 106–119.
Necula, George C. & Lee, Peter. (1998) The design and implementation of a certifying compiler. In PLDI '98: Proceedings of the ACM SIGPLAN 1998 Conference on Programming Language Design and Implementation. Montreal, Quebec, Canada, pp. 333–344.
Sheard, Tim. (2004) Languages of the future. In OOPSLA '04: Companion to the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications. Vancouver, BC, Canada, pp. 116–119.
Smith, Frederick, Walker, David & Morrisett, J. Gregory. (2000) Alias types. In ESOP '00: Proceedings of the 9th European Symposium on Programming. Berlin, Germany, pp. 366–381.
Wadler, Philip. (1992) The essence of functional programming. In POPL '92: Proceedings of the 19th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Albuquerque, NM, USA, pp. 1–14.
Westbrook, Edwin, Stump, Aaron & Wehrman, Ian. (2005) A language-based approach to functionally correct imperative programming. In ICFP '05: Proceedings of the Tenth ACM SIGPLAN International Conference on Functional Programming. Tallinn, Estonia, pp. 268–279.
Wu, Dinghao, Appel, Andrew W. & Stump, Aaron. (2003) Foundational proof checkers with small witnesses. In PPDP '03: Proceedings of the 5th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming. Uppsala, Sweden, pp. 264–274.
Recommend this journal

Email your librarian or administrator to recommend adding this journal to your organisation's collection.

Journal of Functional Programming
  • ISSN: 0956-7968
  • EISSN: 1469-7653
  • URL: /core/journals/journal-of-functional-programming
Please enter your name
Please enter a valid email address
Who would you like to send this to? *
×
Type Description Title
UNKNOWN
Supplementary materials

Chlipala Supplementary Material
Supplementary.zip

 Unknown (532 KB)
532 KB

Metrics

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed

Modular development of certified program verifiers with a proof assistant1,2

  • ADAM CHLIPALA (a1)
Submit a response

Discussions

No Discussions have been published for this article.

×

Reply to: Submit a response


Your details


Conflicting interests

Do you have any conflicting interests? *