Extracting a Data Flow Analyser in Constructive Logic

We show how to formalise a constraint-based data flow analysis in the specification language of the Coq proof assistant. This involves defining a dependent type of lattices together with a library of lattice functors for the modular construction of complex abstract domains. Constraints are expressed in an intermediate representation that allows for both efficient constraint resolution and a correctness proof of the analysis with respect to an operational semantics. The proof of existence of a correct, minimal solution to the constraints is constructive, which means that the extraction mechanism of Coq yields a provably correct data flow analyser in OCaml. The library of lattices and the intermediate representation of constraints are defined in an analysis-independent fashion, providing the basis for a generic framework for proving and extracting static analysers in Coq.
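The abstract describes three pieces: a lattice library with functors for building domains, an intermediate representation of constraints, and a solver that computes the least (minimal) solution. The following Python sketch, added here and not part of the paper or its Coq development, mirrors that structure in an unverified setting: a powerset and a product lattice functor, constraints of the form `X[target] ⊒ f(X[deps])`, and worklist iteration from bottom, run on a constructed may-be-initialised analysis of a tiny flow graph with a loop.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Lattice:
    """A finite-height join-semilattice: bottom, join, and the order leq."""
    bot: Any
    join: Callable[[Any, Any], Any]
    leq: Callable[[Any, Any], bool]

# Lattice functors: complex abstract domains built from simpler ones.
def powerset_lattice() -> Lattice:
    return Lattice(frozenset(), lambda a, b: a | b, lambda a, b: a <= b)

def product_lattice(l1: Lattice, l2: Lattice) -> Lattice:
    return Lattice((l1.bot, l2.bot),
                   lambda a, b: (l1.join(a[0], b[0]), l2.join(a[1], b[1])),
                   lambda a, b: l1.leq(a[0], b[0]) and l2.leq(a[1], b[1]))

@dataclass(frozen=True)
class Constraint:
    """Intermediate form X[target] >= f(X[d] for d in deps), f monotone."""
    target: int
    deps: Tuple[int, ...]
    f: Callable[..., Any]

def solve(lat: Lattice, nvars: int, cs: List[Constraint]) -> Dict[int, Any]:
    """Least solution by worklist iteration from bottom; values only grow,
    so it terminates on finite-height lattices."""
    sol = {v: lat.bot for v in range(nvars)}
    uses = {v: [c for c in cs if v in c.deps] for v in range(nvars)}
    work = list(cs)
    while work:
        c = work.pop()
        new = lat.join(sol[c.target], c.f(*(sol[d] for d in c.deps)))
        if not lat.leq(new, sol[c.target]):
            sol[c.target] = new
            work.extend(uses[c.target])  # re-check every constraint reading target
    return sol

def is_solution(lat: Lattice, sol: Dict[int, Any], cs: List[Constraint]) -> bool:
    return all(lat.leq(c.f(*(sol[d] for d in c.deps)), sol[c.target]) for c in cs)

def example_may_init() -> Dict[int, Any]:
    """Constructed flow graph: 0 entry -> 1 'x:=..' -> 2 loop head -> 3 'y:=..' -> 2,
    and 2 -> 4 exit.  X[p] = variables that may be initialised on entry to p."""
    ps = powerset_lattice()
    gen = lambda v: (lambda s: s | {v})
    cs = [Constraint(1, (0,), lambda s: s),
          Constraint(2, (1,), gen("x")), Constraint(3, (2,), lambda s: s),
          Constraint(2, (3,), gen("y")), Constraint(4, (2,), lambda s: s)]
    sol = solve(ps, 5, cs)
    assert is_solution(ps, sol, cs)  # correctness check of the computed fixpoint
    return sol
```

The Coq development proves that this iteration reaches the least solution for every lattice in the library; here `is_solution` only checks that the result satisfies the constraints.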

David Cachera et al., Extracting a data flow analyser in constructive logic, Theor. Comput. Sci., 2005.