Certificate size reduction in abstraction-carrying code*

Abstraction-Carrying Code (ACC) has recently been proposed as a framework for mobile code safety in which the code supplier provides a program together with an abstraction (or abstract model of the program) whose validity entails compliance with a predefined safety policy. The abstraction plays thus the role of safety certificate and its generation is carried out automatically by a fixpoint analyzer. The advantage of providing a (fixpoint) abstraction to the code consumer is that its validity is checked in a single pass (i.e., one iteration) of an abstract interpretation-based checker. A main challenge to make ACC useful in practice is to reduce the size of certificates as much as possible while at the same time not increasing checking time. The intuitive idea is to only include in the certificate information that the checker is unable to reproduce without iterating. We introduce the notion of reduced certificate which characterizes the subset of the abstraction which a checker needs in order to validate (and re-construct) the fall certificate in a single pass. Based on this notion, we instrument a generic analysis algorithm with the necessary extensions in order to identify the information relevant to the checker. Interestingly, the fact that the reduced certificate omits (parts of) the abstraction has implications in the design of the checker. We provide the sufficient conditions which allow us to ensure that 1) if the checker succeeds in validating the certificate, then the certificate is valid for the program (correctness) and 2) the checker will succeed for any reduced certificate which is valid (completeness). Our approach has been implemented and benchmarked within the CiaoPP system. The experimental results show t h a t our proposal is able to greatly reduce the size of certificates in practice. To appear in Theory and Practice of Logic Programming (TPLP).

[1]  Stefano Secci,et al.  Pair-Sharing Analysis of Object-Oriented Programs , 2005, SAS.

[2]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[3]  Jorge A. Navas,et al.  An Efficient, Parametric Fixpoint Algorithm for Analysis of Java Bytecode , 2007, Bytecode@ETAPS.

[4]  Jorge A. Navas,et al.  A Flexible, (C)LP-Based Approach to the Analysis of Object-Oriented Programs , 2008, LOPSTR.

[5]  Manuel V. Hermenegildo,et al.  Integrated program debugging, verification, and optimization using abstract interpretation (and the Ciao system preprocessor) , 2005, Sci. Comput. Program..

[6]  J. Lloyd Foundations of Logic Programming , 1984, Symbolic Computation.

[7]  Maurice Bruynooghe,et al.  A Practical Framework for the Abstract Interpretation of Logic Programs , 1991, J. Log. Program..

[8]  John Wylie Lloyd,et al.  Foundations of Logic Programming , 1987, Symbolic Computation.

[9]  Manuel V. Hermenegildo,et al.  Abstraction-Carrying Code: a Model for Mobile Code Safety , 2008, New Generation Computing.

[10]  Manuel V. Hermenegildo,et al.  Combined Determination of Sharing and Freeness of Program Variables through Abstract Interpretation , 1991, ICLP.

[11]  Manuel V. Hermenegildo,et al.  Optimized Algorithms for Incremental Analysis of Logic Programs , 1996, SAS.

[12]  Peter J. Stuckey,et al.  Programming with Constraints: An Introduction , 1998 .

[13]  Tobias Nipkow,et al.  Veried Bytecode Veriers , 2002 .

[14]  Hugo Herbelin,et al.  The Coq proof assistant : reference manual, version 6.1 , 1997 .

[15]  Patrick Cousot,et al.  The ASTREÉ Analyzer , 2005, ESOP.

[16]  Manuel V. Hermenegildo,et al.  Compile-Time Derivation of Variable Dependency Using Abstract Interpretation , 1992, J. Log. Program..

[17]  Pascal Van Hentenryck,et al.  Experimental evaluation of a generic abstract interpretation algorithm for PROLOG , 1994, TOPL.

[18]  David Cachera,et al.  Extracting a Data Flow Analyser in Constructive Logic , 2004, ESOP.

[19]  Eva Rose,et al.  Lightweight Bytecode Verification , 2004, Journal of Automated Reasoning.

[20]  George C. Necula,et al.  Efficient representation and validation of proofs , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[21]  Xavier Leroy,et al.  Java bytecode verification : algorithms and formalizations Xavier Leroy INRIA Rocquencourt and Trusted Logic , 2003 .

[22]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[23]  Elvira Albert,et al.  Verification of Java Bytecode Using Analysis and Transformation of Logic Programs , 2007, PADL.

[24]  Peter J. Stuckey,et al.  Incremental analysis of constraint logic programs , 2000, TOPL.

[25]  Manuel V. Hermenegildo,et al.  Abstraction-Carrying Code , 2005, LPAR.

[26]  Tobias Nipkow,et al.  Verified Bytecode Verifiers , 2001, FoSSaCS.

[27]  Manuel V. Hermenegildo,et al.  The ciao system , 2013 .

[28]  George C. Necula,et al.  Oracle-based checking of untrusted software , 2001, POPL '01.

[29]  Thomas Jensen,et al.  A PCC Architecture based on Certified Abstract Interpretation , 2005 .

[30]  Peter J. Stuckey,et al.  A Practical Object-Oriented Analysis Engine for CLP , 1998, Softw. Pract. Exp..

[31]  Fausto Spoto,et al.  Information Flow Analysis for Java Bytecode , 2005, VMCAI.

[32]  Peter J. Stuckey,et al.  A practical object‐oriented analysis engine for CLP , 1998 .

[33]  Peter Sestoft,et al.  Partial evaluation and automatic program generation , 1993, Prentice Hall international series in computer science.

[34]  Furio Honsell,et al.  A framework for defining logics , 1993, JACM.

[35]  Laurie Hendren,et al.  Soot---a java optimization framework , 1999 .

[36]  Gerda Janssens,et al.  Global analysis of constraint logic programs , 1996, TOPL.