Resource Bound Certification

Various code certification systems allow the certification and static verification of important safety properties such as memory and control-flow safety. These systems are valuable tools for verifying that untrusted and potentially malicious code is safe before execution. However, one important safety property that is not usually included is that programs adhere to specific bounds on resource consumption, such as running time. We present a decidable type system capable of specifying and certifying bounds on resource consumption. Our system makes two advances over previous resource bound certification systems, both of which are necessary for a practical system: we allow the execution time of programs and their subroutines to vary, depending on their arguments, and we provide a fully automatic compiler generating certified executables from source-level programs. The principal device in our approach is a strategy for simulating dependent types using sum and inductive kinds.

1 Introduction

A current trend in systems software is to allow untrusted extensions to be installed in protected services, relying on language technology to protect the integrity of the service instead of hardware-based protection mechanisms [11, 20, 1, 16, 14]. For example, the SPIN project [1] relies on the Modula-3 type system to protect an operating system kernel from erroneous extensions. Similarly, web browsers rely on the Java Virtual Machine bytecode verifier [11] to protect users from malicious applets. In both situations, the goal is to eliminate expensive inter-process communications or boundary crossings by allowing extensions to access directly the resources they require. Recently, Necula and Lee [16, 15] have proposed Proof-Carrying Code (PCC) and Morrisett et al. [14] have proposed Typed Assembly Language (TAL) as language technologies that provide the security advantages of high-level languages, but without the overheads of interpretation or just-in-time compilation. In both systems, low-level machine code can be heavily optimized, by hand or by compiler, and yet be automatically verified through proof- or type-checking.

[1] J. Girard. Une extension de l'interprétation de Gödel à l'analyse, et son application à l'élimination des coupures dans l'analyse et la théorie des types. 1971.

[2] N. P. Mendler et al. Inductive Types and Type Constraints in the Second-Order lambda Calculus. Ann. Pure Appl. Log., 1991.

[3] T. Anderson et al. Efficient Software-based Fault Isolation. 1993.

[4] Robert Wahbe et al. Efficient software-based fault isolation. SOSP '93, 1994.

[5] David K. Gifford et al. Static dependent costs for estimating execution time. LFP '94, 1994.

[6] Brian N. Bershad et al. Extensibility, safety and performance in the SPIN operating system. SOSP, 1995.

[7] Robert Harper et al. Compiling polymorphism using intensional type analysis. POPL '95, 1995.

[8] Amr Sabry et al. Proving the correctness of reactive systems using sized types. POPL '96, 1996.

[9] Frank Yellin et al. The Java Virtual Machine. 1996.

[10] George C. Necula et al. Safe kernel extensions without run-time checking. OSDI '96, 1996.

[11] George C. Necula et al. Safe, Untrusted Agents Using Proof-Carrying Code. Mobile Agents and Security, 1998.

[12] George C. Necula et al. The design and implementation of a certifying compiler. PLDI, 1998.

[13] Karl Crary et al. Intensional polymorphism in type-erasure semantics. ICFP '98, 1998.

[14] Karl Crary et al. From System F to typed assembly language. ACM TOPLAS, 1999.

[15] David Walker et al. Typed memory management in a calculus of capabilities. POPL '99, 1999.

[16] Dan Grossman et al. TALx86: A Realistic Typed Assembly Language. 1999.

[17] Karl Crary et al. Flexible type analysis. ICFP '99, 1999.

[18] John Hughes et al. Recursion and dynamic data-structures in bounded space: towards embedded ML programming. ICFP '99, 1999.

[19] Martin Hofmann et al. Linear types and non-size-increasing polynomial time computation. Proceedings of the 14th Symposium on Logic in Computer Science, 1999.

[20] H. Xi et al. Dependent Types in Practical Programming. Extended Abstract. 1999.

[21] Greg Morrisett et al. From System F to typed assembly language. 1999.