A Certifying Compiler and Pointer Logic - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
A Certifying Compiler and Pointer Logic
Towards Building Trusted Software
  • Zhaopeng Li
  • Software Security Lab.
Department of Computer Science and Technology, University of Science and Technology of China
October 8, 2008
2
Outline
  • Motivation
  • Research Goals
  • Our Work
  • A Certifying Compiler
  • PointerC Language
  • Pointer Logic
  • Summary
  • Future Work

3
Motivation
  • Software safety problems
  • C language
  • Widely used legacy C code
  • Not easy to write safe code with pointers
  • One solution: program verification
  • Program + annotation → proof

4
Motivation (cont.)
  • Hoare Logic
  • Hoare triple {P} C {Q}
  • Hard to reason about pointer programs
  • Separation Logic
  • Low-level code, or high-level code with restrictions
  • Separating conjunction (P * Q)
  • Example

A Hoare-like logic for the C language?
5
Research Goals
  • Verification for C pointer programs
  • Design a C-like language
  • Design a logic
  • Design a certifying compiler
  • Generate code together with its proof
  • Minimize the Trusted Computing Base

6
Outline
  • Motivation
  • Research Goals
  • Our Work
  • A Certifying Compiler
  • PointerC Language
  • Pointer Logic
  • Summary
  • Future Work

7
Our Certifying Compiler
[Figure: architecture of the certifying compiler. Source code and its specifications, written in the PointerC language, enter the certifying compiler, which has two parts: a code compiler, which turns the source code into assembly code, and a proof compiler, which turns the source-level specification and proof into the assembly-level specification and proof.]
8
Our Certifying Compiler (cont.)
  • Prototype
  • plcc ver1.0 (2005.5-2006.9)
  • plcc ver2.0 (2006.9-2007.12)
  • Improvements
  • Built-in theorem prover
  • Support for limited pointer arithmetic
  • Support for more data structures
  • Doubly-linked list

9
Supported Programs
  • Singly-linked/doubly-linked list
  • traversal/reversal
  • delete/insert
  • create/clear
  • Binary Tree
  • traversal/rotate
  • delete/insert

10
Evaluation
11
PointerC Language
  • PointerC
  • A subset of C with pointer types
  • Memory management: malloc/free
  • Main constraints
  • Pointer arithmetic is limited
  • No union types
  • No type casts

12
Pointer Logic
  • Motivation
  • PointerC typing rules carry side conditions (e.g. valid(p) before p is dereferenced)
  • A logic proof system is needed to discharge them
  • Reason about source programs with complex pointer aliasing
  • Why not separation logic?
13
Pointer Logic (cont.)
  • Why not separation logic?
  • No rule for aliasing inference!
  • No rule for this kind of statement!

[Figure: pointers p, q and t into cells of type struct List { int data; struct List *next; }]
14
Basic ideas
  • Precise pointer information collection
  • At each program point
  • Pointer classification
  • Valid pointer set
  • Null pointer set
  • Dangling pointer set
  • Equality between valid pointers

15
Specification
[Figure: a specification and the pointer information attached to it.]
The information is concise!
16
Specification (cont.)
  • Compared with separation logic, in which
  • access paths are short
  • low-level addresses are used in assertions
  • addresses are used to associate different heaps

17
Expressivity
  • Current applications
  • Singly-linked list
  • Doubly-linked list
  • Binary tree
  • Graph?
  • Equality between pointers is not known for certain
  • Cannot be expressed in the current pointer logic
  • Not well supported in separation logic either

18
Expressivity (cont.)
  • Singly-linked list
  • Flat version
  • Inductive version
  • Singly-linked list from separation logic
  • Flat version

p, l_1, l_2, ..., l_{n-1} are distinct!
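The slide's list predicates were formulas that did not survive the transcript. The following is an added rendering, not from the slides: the two separation-logic versions use the standard definitions, and the pointer-logic flat form is this editor's schematic paraphrase of what such an assertion has to say explicitly, not the paper's syntax. Only the next field of each cell is shown; p, l_1, ..., l_{n-1} are the n cells of the list.

Separation logic, flat version:
\[
p \mapsto l_1 \;*\; l_1 \mapsto l_2 \;*\; \cdots \;*\; l_{n-1} \mapsto \mathrm{nil}
\]

Separation logic, inductive version:
\[
\mathrm{list}(p) \;\triangleq\; (p = \mathrm{nil} \wedge \mathrm{emp}) \;\vee\; \exists x.\; p \mapsto x \;*\; \mathrm{list}(x)
\]

The separating conjunction * only holds on disjoint heaps, so the distinctness of p, l_1, ..., l_{n-1} is implicit. A pointer-logic assertion is an ordinary conjunction over classified pointers, so the same flat list has to carry the distinctness as explicit facts (schematic):
\[
\mathrm{valid}(p) \;\wedge\; \bigwedge_{i=1}^{n-1} \mathrm{valid}(l_i) \;\wedge\; p.\mathrm{next} = l_1 \;\wedge\; \bigwedge_{i=1}^{n-2} l_i.\mathrm{next} = l_{i+1} \;\wedge\; l_{n-1}.\mathrm{next} = \mathrm{null} \;\wedge\; \bigwedge_{x \neq y \in \{p, l_1, \dots, l_{n-1}\}} x \neq y
\]

This is the "p, l_1, l_2, ..., l_{n-1} are distinct!" condition: n cells need O(n^2) inequalities, which is the price paid for precise aliasing information instead of the information hiding that * gives.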
19
Inference Rule
  • Hoare-logic-like rules
  • {P} C {Q}
  • Extend Hoare logic
  • Calculate the pointer information in Q from that in P

20
Memory Leak
[Figure: a statement assigning to p. The assignment axiom of Hoare logic accepts it; there is no rule for this case. Pointer logic reports: memory leak!]
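To make the "basic ideas" of pointer logic and the memory-leak slide concrete, here is an added example, not code from the plcc prototype or from the paper: a small executable model of the pointer information tracked at each program point (every pointer classified as valid, null or dangling; equality between valid pointers) with a leak check run after every assignment. Cells are abstract and carry a single pointer field, next, mirroring struct List { int data; struct List *next; }; all names (State, pl_*, example_*) are this example's own assumptions.

```c
#include <string.h>

/* Added example, not the plcc tool's code: an executable model of the
 * per-program-point pointer information that pointer logic tracks. */
#define MAX_CELLS 16
#define MAX_VARS 8

typedef enum { PV_NULL, PV_VALID, PV_DANGLING } PtrKind;
typedef struct { PtrKind kind; int cell; } PtrVal; /* cell used only when PV_VALID */

typedef struct {
    int live[MAX_CELLS];    /* 1 while the cell is allocated and not yet lost */
    PtrVal next[MAX_CELLS]; /* the cell's single pointer field */
    PtrVal var[MAX_VARS];   /* program variables p, q, t, ... */
    int ncells, leaked, errors;
} State;

static const PtrVal PNULL = { PV_NULL, 0 };
static void pl_init(State *s) { memset(s, 0, sizeof *s); }
/* Side condition of every dereference and free: valid(v). */
static int pl_valid(const State *s, int v) { return s->var[v].kind == PV_VALID; }

/* A live cell that no variable reaches (directly or through next fields) can
 * never be freed: that is the leak Hoare's assignment axiom lets through. */
static void pl_check_leaks(State *s) {
    int seen[MAX_CELLS] = {0}, stack[MAX_CELLS], sp = 0, i;
    for (i = 0; i < MAX_VARS; i++)
        if (s->var[i].kind == PV_VALID && !seen[s->var[i].cell]) {
            seen[s->var[i].cell] = 1; stack[sp++] = s->var[i].cell;
        }
    while (sp > 0) {
        PtrVal f = s->next[stack[--sp]];
        if (f.kind == PV_VALID && !seen[f.cell]) { seen[f.cell] = 1; stack[sp++] = f.cell; }
    }
    for (i = 0; i < s->ncells; i++)
        if (s->live[i] && !seen[i]) { s->live[i] = 0; s->leaked++; }
}

/* v = malloc(sizeof(struct List)); the fresh cell's next is null. */
static void pl_malloc(State *s, int v) {
    int c = s->ncells++;
    s->live[c] = 1; s->next[c] = PNULL;
    s->var[v].kind = PV_VALID; s->var[v].cell = c;
    pl_check_leaks(s); /* the old value of v may have been the last reference */
}
/* v = <pointer value>, e.g. v = NULL or v = w */
static void pl_assign(State *s, int v, PtrVal val) { s->var[v] = val; pl_check_leaks(s); }
/* v = w->next */
static void pl_load_next(State *s, int v, int w) {
    if (!pl_valid(s, w)) { s->errors++; return; }
    pl_assign(s, v, s->next[s->var[w].cell]);
}
/* v->next = w */
static void pl_store_next(State *s, int v, int w) {
    if (!pl_valid(s, v)) { s->errors++; return; }
    s->next[s->var[v].cell] = s->var[w];
    pl_check_leaks(s);
}
/* free(v): the cell dies and every alias of v, variable or field, becomes
 * dangling; the equalities between valid pointers make this exact. */
static void pl_free(State *s, int v) {
    int c, i;
    if (!pl_valid(s, v)) { s->errors++; return; }
    c = s->var[v].cell; s->live[c] = 0;
    for (i = 0; i < MAX_VARS; i++)
        if (s->var[i].kind == PV_VALID && s->var[i].cell == c) s->var[i].kind = PV_DANGLING;
    for (i = 0; i < s->ncells; i++)
        if (s->next[i].kind == PV_VALID && s->next[i].cell == c) s->next[i].kind = PV_DANGLING;
    pl_check_leaks(s);
}
static int pl_alias(const State *s, int v, int w) {
    return pl_valid(s, v) && pl_valid(s, w) && s->var[v].cell == s->var[w].cell;
}

enum { P, Q, T }; /* variable indices */

/* The memory-leak slide: p = malloc(...); p = NULL; drops the only reference. */
int example_leak(void) {
    State s; pl_init(&s);
    pl_malloc(&s, P);
    pl_assign(&s, P, PNULL);
    return s.leaked; /* 1 */
}
/* Aliasing: q = p; free(p); leaves q dangling, so q->next is rejected. */
int example_dangling_alias(void) {
    State s; int was_alias; pl_init(&s);
    pl_malloc(&s, P);
    pl_assign(&s, Q, s.var[P]);
    was_alias = pl_alias(&s, P, Q);
    pl_free(&s, P);
    pl_load_next(&s, T, Q); /* dereferences a dangling pointer */
    return was_alias && s.var[Q].kind == PV_DANGLING && s.errors == 1;
}
/* Clearing a two-cell list safely: save the tail in t before freeing the
 * head, so no live cell is ever unreachable. */
int example_clear_list(void) {
    State s; pl_init(&s);
    pl_malloc(&s, Q); pl_malloc(&s, P);
    pl_store_next(&s, P, Q);  /* p->next = q */
    pl_assign(&s, Q, PNULL);  /* the list is now reachable only through p */
    while (pl_valid(&s, P)) {
        pl_load_next(&s, T, P);     /* t = p->next, before the free */
        pl_free(&s, P);
        pl_assign(&s, P, s.var[T]); /* p = t */
    }
    return s.leaked == 0 && s.errors == 0;
}
```

The model is forward, like the inference rules on the previous slide: each statement computes the pointer information after it from the information before it, and the leak check is the point where plain Hoare logic has no rule and pointer logic does. Swapping the last two statements of the loop in example_clear_list (freeing p before reading p->next) makes pl_load_next fail its valid(p) side condition, which is exactly the check the PointerC typing rules impose.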
21
Comparison with Separation Logic
  • Common features
  • Both extend Hoare logic
  • Both deal with pointer programs
  • Differences
  • High-level vs low-level
  • Pointer logic can deal with long access paths
  • Precise information vs information hiding
  • Memory leaks are ruled out by different means

22
Outline
  • Motivation
  • Research Goals
  • Our Work
  • A Certifying Compiler
  • PointerC Language
  • Pointer Logic
  • Summary
  • Future Work

23
Summary
  • A certifying compiler
  • Theorem prover for pointer logic
  • Generates code together with its proof
  • A pointer logic
  • Verification for PointerC pointer programs
  • Hoare-logic-like rules
  • Comparison with separation logic

24
Future Work
  • PointerC language extensions
  • More language features
  • Unrestricted pointer arithmetic
  • Pointer logic extensions
  • Handle more data structures, such as DAGs
  • Pointer logic for
  • Java (static garbage detection, etc.)
  • Concurrent programming
  • A realistic certifying compiler
  • Verify some code of a mini-OS

25
Thanks!
Questions?