A Certifying Compiler and Pointer Logic - PowerPoint PPT Presentation

1 / 25
About This Presentation
Title:

A Certifying Compiler and Pointer Logic

Description:

Department of Computer Science and Technology, University of ... Addresses are used to associate different heaps. Software Security Lab, USTC. 17. Expressivity ... – PowerPoint PPT presentation

Number of Views:19
Avg rating:3.0/5.0
Slides: 26
Provided by: zpli
Category:

less

Transcript and Presenter's Notes

Title: A Certifying Compiler and Pointer Logic


1
A Certifying Compiler and Pointer Logic
Towards Building Trusted Software
  • Zhaopeng Li
  • Software Security Lab.

Department of Computer Science and
Technology, University of Science and Technology
of China October 8, 2008
2
Outline
  • Motivation
  • Research Goals
  • Our Work
  • A Certifying Compiler
  • PointerC Language
  • Pointer Logic
  • Summary
  • Future Work

3
Motivation
  • Software Safety Problems
  • C language
  • Widely used legacy C codes
  • Not easy to write a safe code with pointers
  • One Solution Program Verification
  • Program Annotation Proof

4
Motivation (cont.)
  • Hoare Logic
  • Hoare triple PCQ
  • Hard to reason pointer programs
  • Separation Logic
  • Low-level code, or high-level code with
    restriction
  • Separation Conjunction (PQ)
  • Example

A Hoare-like Logic for C Language?
5
Research Goals
  • Verification for C pointer programs
  • Design a C-like language
  • Design a logic
  • Design a certifying compiler
  • Generate codes with proof
  • Minimize Trusted Computing Base

6
Outline
  • Motivation
  • Research Goals
  • Our Work
  • A Certifying Compiler
  • PointerC Language
  • Pointer Logic
  • Summary
  • Future Work

7
Our Certifying Compiler
Source Code Specifications
PointerC Language
Certifying Compiler
Code Compiler
Source Code Spec. Proof
Assem. Code Assem. Spec. Assem. Proof
Proof Compiler
8
Our Certifying Compiler (cont.)
  • Prototype
  • plcc ver1.0 (2005.5-2006.9)
  • plcc ver2.0 (2006.9-2007.12)
  • Improvements
  • Build-in theorem prover
  • Support limited pointer arithmetic
  • Support more data structures
  • Doubly-linked list

9
Supported Programs
  • Singly-linked/doubly-linked list
  • traversal/reversal
  • delete/insert
  • create/clear
  • Binary Tree
  • traversal/rotate
  • delete/insert

10
Evaluation
11
PointerC Language
  • PointerC
  • A subset of C language with pointer type
  • Memory management malloc/free
  • Main Constrains
  • Pointer Arithmetic is limited
  • No union type
  • No type cast

12
Pointer Logic
  • Motivation
  • PointerC typing rules with side conditions
  • A logic proof system is needed
  • Reason about source programs with complex pointer
    aliasing

( valid(p) )
Why not separation logic?
13
Pointer Logic (cont.)
No rule for aliasing inference!
No Rule for this kind of statement!
  • Why not separation logic?

t
q
p
struct List int data struct list next
14
Basic ideas
  • Precise pointer information collection
  • At each program point
  • Pointer classification
  • Valid pointer set
  • Null pointer set
  • Dangling pointer set
  • Equality between valid pointers

15
Specification
Pointer Information
The information is concise !
16
Specification (cont.)
  • Compare with separation logic
  • Access path is short
  • Low-level address is used in assertion
  • Addresses are used to associate different heaps

17
Expressivity
  • Current Application
  • Singly-linked list
  • Doubly-linked list
  • Binary Tree
  • Graph?
  • Equality between pointers is not certain
  • Unable to be expressed in current pointer logic
  • Not well-supported in separation logic either

18
Expressivity (cont.)
  • Singly-linked list
  • Flat version
  • Inductive version
  • Singly-linked list from separation logic
  • Flat version

p,l1,l2,,ln-1 are distinct!
19
Inference Rule
  • Hoare-logic-like rules
  • PCQ
  • Extend Hoare Logic
  • Calculate pointer information Q using P

20
Memory Leak
Assignment Axiom of Hoare Logic!
No rules for this case!
Pointer Logic
Memory Leak!
p
21
Comparison with Separation Logic
  • Common features
  • Extension of Hoare logic
  • Deal with pointer programs
  • Differences
  • High-level vs low-level
  • Pointer logic can deal with long access paths
  • Precise information vs information hiding
  • Rule out memory leak via different means

22
Outline
  • Motivation
  • Research Goals
  • Our Work
  • A Certifying Compiler
  • PointerC Language
  • Pointer Logic
  • Summary
  • Future Work

23
Summary
  • A Certifying Compiler
  • Theorem prover for pointer logic
  • Generate codes with proof
  • A Pointer Logic
  • Verification for PointerC pointer programs
  • Hoare-logic-like rules
  • Compare with separation logic

24
Future Work
  • PointerC Language Extension
  • More language features
  • Unlimited pointer arithmetic
  • Pointer Logic Extension
  • Deal more data structures, such as DAG
  • Pointer Logic for
  • Java (static garbage detection etc.)
  • Concurrent programming
  • Realistic Certifying Compiler
  • Verify some codes of mini-OS

25
Thanks!
Questions?
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "A Certifying Compiler and Pointer Logic" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!