
Compositional Verifiers for Mobile Code Safety


Presentation Transcript


  1. Compositional Verifiers for Mobile Code Safety
     Bor-Yuh Evan Chang, Adam Chlipala, George C. Necula
     May 12, 2005, OSQ Retreat, Santa Cruz, California

  2. Type Safety as an Assurance Mechanism
     • Type checking is a well-accepted safety assurance mechanism
     • Most checkers today:
       • source-level (e.g. ML, C#, Java)
       • bytecode-level (e.g. CLI, JVML)
       • not assembly-level
     Want: a straightforward extension to assembly-level checking
     [Figure: code fed to a type checker]
     Assembly-level example (the slide's own listing):
         …
         pushl %ebp
         movl %esp, %ebp
         subl $8, %esp
         movl 12(%ebp), %eax
         subl $8, %esp
         movl (%eax), %edx
         addl $28, %edx
         pushl $3
         pushl %eax
         movl (%edx), %eax
         call *%eax
         …

  3. Problem
     • Verifiers for lower-level code are more difficult and tedious to build
     • Observation 1: Many verification tasks are common to large classes of verifiers
       • stack overflow checks, adherence to the calling convention (almost all)
       • dynamic dispatch (object-oriented languages)
     • Observation 2: Various intermediate-level languages abstract various details

  4. Basic Idea
     [Figure: one call seen at three levels of abstraction, with a verifier per level]
       assembly level:  mem[sp] := 6; sp := sp – 4; jump func
       stack level:     push 6; jump func
       call level:      call func(6)
       verifiers:       Stack verifier, Call verifier, Type verifier

  5. Verifier Construction
     • Verifiers are typically phrased as abstract interpreters or data-flow analyses
     [Figure: the Call verifier as a flow function: (jump func, state) → state’]

  6. Verifier Construction
     [Figure: Call verifier and Type verifier together as one flow function: (call func(6), state) → state’]

  7. Composing Flow Functions
     [Figure: each verifier's flow function is split into a Decompile box and a Step box. The Call verifier decompiles (jump func, state) into call func(6) and steps its own state to state’’; the Type verifier then takes call func(6) and state’’ through its own Decompile and Step to state’]

  8. Summary
     • Intermediate languages seem useful for interfacing between abstract interpreters
       • Re-use of existing higher-level verifiers (e.g. JBV)
     • Decomposed abstract transition into
       • a decompilation phase
       • a transition phase to expose the abstraction to “higher-level” verifiers
     • Local decomposition of abstract transition hopefully makes soundness proofs of a composed verifier compositional
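The decompile-then-step decomposition of slides 4 through 8, as an added toy implementation that is not the authors' verifier: a Stack verifier over assembly-like instructions exposes push/jump, a Call verifier over push/jump exposes calls, and a Type verifier checks calls against signatures, with a Composed wrapper whose flow function is built locally from the two phases. The tuple instruction encoding, the 4-byte stack slots with a 16-byte budget, the cdecl-style argument order and the two-entry SIGNATURES table are all assumptions of the example.

```python
"""Toy model of composing verifiers by 'decompile, then step' (added illustration, not
the authors' code). Assumptions: instructions as tuples, 4-byte stack slots with a fixed
budget, cdecl-style argument order and a two-entry signature table."""
from dataclasses import dataclass

SLOT, STACK_LIMIT = 4, 16                                   # assumed machine parameters
SIGNATURES = {"func": ("int",), "method": ("Obj", "int")}   # assumed function signatures

class VerificationError(Exception):
    pass

@dataclass(frozen=True)
class StackState:            # level 0: assembly view
    sp: int = 0              # bytes of stack in use
    mem: tuple = ()          # abstract stack slots as ((offset, value), ...)

class StackVerifier:         # flow function over ('store_sp', v), ('sub_sp', n), ('jump', f)
    def decompile(self, st, ins):
        # Expose the stack abstraction: 'mem[sp] := v; sp := sp - 4' is a 'push v'.
        if ins[0] == "store_sp":
            return []                                       # completed by the next sub_sp
        if ins[0] == "sub_sp":
            slots = dict(st.mem)
            if ins[1] != SLOT or st.sp not in slots:
                raise VerificationError(f"sp adjustment is not a push: {ins}")
            return [("push", slots[st.sp])]
        return [ins]                                        # jump passes through unchanged

    def step(self, st, ins):
        if ins[0] == "store_sp":
            if st.sp + SLOT > STACK_LIMIT:                  # stack overflow check
                raise VerificationError("stack overflow")
            return StackState(st.sp, st.mem + ((st.sp, ins[1]),))
        if ins[0] == "sub_sp":
            return StackState(st.sp + ins[1], st.mem)
        return st                                           # jump: stack unchanged

@dataclass(frozen=True)
class CallState:             # level 1: stack view
    args: tuple = ()         # operands pushed since the last call, oldest first

class CallVerifier:          # flow function over ('push', v), ('jump', f)
    def decompile(self, st, ins):
        if ins[0] == "push":
            return []
        if ins[0] == "jump":  # calling convention: arguments pushed last-first
            return [("call", ins[1], tuple(reversed(st.args)))]
        raise VerificationError(f"unknown instruction {ins}")

    def step(self, st, ins):
        return CallState(st.args + (ins[1],)) if ins[0] == "push" else CallState()

@dataclass(frozen=True)
class TypeState:             # level 2: call view
    checked: tuple = ()      # (callee, argument types) of every verified call

class TypeVerifier:          # flow function over ('call', f, args)
    def decompile(self, st, ins):
        return []                                           # top of the chain

    def step(self, st, ins):
        f = ins[1]                                          # operands: int literal or ('ref', cls)
        actual = tuple("int" if isinstance(a, int) else a[1] for a in ins[2])
        if SIGNATURES.get(f) != actual:                     # arity and argument types
            raise VerificationError(f"{f} expects {SIGNATURES.get(f)}, got {actual}")
        return TypeState(st.checked + ((f, actual),))

class Composed:
    """Chain a lower verifier under a higher one: the lower verifier decompiles the
    instruction into higher-level ones and takes its own step; the higher verifier
    then steps over the exposed instructions with its own state."""
    def __init__(self, lower, higher):
        self.lower, self.higher = lower, higher

    def step(self, state, ins):
        lo, hi = state
        exposed = self.lower.decompile(lo, ins)             # decompilation phase
        lo = self.lower.step(lo, ins)                       # transition phase, lower
        for h in exposed:                                   # transition phase, higher
            hi = self.higher.step(hi, h)
        return lo, hi

VERIFIER = Composed(StackVerifier(), Composed(CallVerifier(), TypeVerifier()))
INITIAL = (StackState(), (CallState(), TypeState()))

def verify(program):
    """Final (stack, (call, type)) state of a straight-line program, or a VerificationError."""
    state = INITIAL
    for ins in program:
        state = VERIFIER.step(state, ins)
    return state

def check(program):
    """Verdict form of verify(): ('ok', final_state) or ('rejected', reason)."""
    try:
        return "ok", verify(program)
    except VerificationError as e:
        return "rejected", str(e)

# Constructed sample input: the slide's 'mem[sp] := 6; sp := sp - 4; jump func'.
SAMPLE = [("store_sp", 6), ("sub_sp", 4), ("jump", "func")]
```

Each verifier keeps only the state its own abstraction needs, and the Composed.step body is the whole composition: no verifier knows about the levels above or below it, which is what makes the soundness argument for the chain local to each pair. Running check() on a program with five pushes rejects it with "stack overflow" at the Stack verifier before any higher level sees it, and a call whose pushed operands do not match the callee's signature is rejected by the Type verifier alone.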
