Model-driven construction of certified binaries

Proof-Carrying Code (PCC) and Certifying Model Checking (CMC) are established paradigms for certifying the run-time behavior of programs. While PCC allows us to certify low-level binary code against relatively simple (e.g., memory-safety) policies, CMC enables the certification of a richer class of temporal logic policies, but is typically restricted to high-level (e.g., source) descriptions. In this paper, we present an automated approach to generate certified software component binaries from UML Statechart specifications. The proof certificates are constructed using information that is generated via CMC at the specification level and transformed, along with the component, to the binary level. Our technique combines the strengths of PCC and CMC, and demonstrates that formal certification technology is compatible with, and can indeed exploit, model-driven approaches to software development. We describe an implementation of our approach that targets the Pin component technology, and present experimental results on a collection of benchmarks.
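The certifying half of the approach, as an added illustration that is not the paper's implementation: an untrusted model checker explores a constructed toy statechart and emits a certificate (the reachable set, which is an inductive invariant), and a small independent checker accepts the certificate only if it is initiated, closed under all transitions, and disjoint from the bad states. The statechart, the policy and the certificate format are assumptions for the example; the transformation of certificate and component to the binary level is not modelled.

```python
# Added illustration of certifying model checking (CMC) on a toy
# statechart: the "untrusted" model checker emits a certificate (an
# inductive invariant), and a small independent checker validates it.
# This is example code, not the paper's implementation; the statechart,
# property and certificate format are constructed assumptions.

# Constructed statechart: states, initial state, and labelled transitions.
STATES = {"Idle", "Connecting", "Connected", "Closed", "Error"}
INITIAL = "Idle"
TRANSITIONS = {
    ("Idle", "connect"): "Connecting",
    ("Connecting", "ack"): "Connected",
    ("Connecting", "timeout"): "Idle",
    ("Connected", "close"): "Closed",
    ("Closed", "connect"): "Connecting",
}
# Safety policy: the component never enters Error.
BAD = {"Error"}


def successors(state):
    """All states reachable from `state` in one transition."""
    return {dst for (src, _event), dst in TRANSITIONS.items() if src == state}


def certify(initial, bad):
    """Untrusted prover: explore reachable states; on success return the
    reachable set, which is an inductive invariant that serves as the
    certificate. Return None if a bad state is reachable."""
    reached, frontier = {initial}, [initial]
    while frontier:
        for nxt in successors(frontier.pop()):
            if nxt not in reached:
                reached.add(nxt)
                frontier.append(nxt)
    return None if reached & bad else frozenset(reached)


def check_certificate(invariant, initial, bad):
    """Trusted checker: accepts only if the certificate is an inductive
    invariant that excludes the bad states. It never re-runs the prover."""
    if initial not in invariant:
        return False                      # initiation fails
    if any(successors(s) - invariant for s in invariant):
        return False                      # not closed under transitions
    return not (invariant & bad)          # safety


if __name__ == "__main__":
    cert = certify(INITIAL, BAD)
    print("certificate:", sorted(cert), "accepted:", check_certificate(cert, INITIAL, BAD))
```

The checker is the only trusted part: a tampered or truncated certificate (for instance one missing `Connected`, or one that includes `Error`) is rejected without rerunning the exploration.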
