Interfacing Hoare Logic and Type Systems for Foundational Proof-Carrying Code

Abstract: Abstract. In this paper, we introduce a Foundational Proof-Carrying Code (FPCC) framework for constructing certified code packages from typed assembly language that will interface with a similarly certified runtime system. Our framework permits the typed assembly language to have a "foreign function" interface, in which stubs, initially provided when the program is being written, are eventually compiled and linked to code that may have been written in a language with a different type system, or even certified … Show more

“…These essentially provide a "foreign function" interface to the language, allowing for linking together external code blocks whose behavior can be specified at least partially in the TALxm type system. This feature has been previously introduced in [4] and in this paper we apply it to a system with a (albeit simple) memory management library to produce a safety proof involving more than just type safety. The usage of code stubs will become more clear later in the paper.…”

“…As in previous work [5,4], the entire TALxm language and its typing rules are mechanically formalized in a proof assistant -in this case, Coq. Furthermore, the type system is shown to be sound with respect to the operational semantics of the abstract machine.…”

“…For reasons of space, the following sections briefly outline the method in which these steps are carried out. Much of the process is similar to the framework established in [5,4]. In Section 3.3, we discuss the additional use of separation logic in the reasoning process and how it relates to the capability type system.…”

“…Then, if the code predicate invariants generated from the TALxm stub types are strong enough to imply the actual preconditions of the corresponding library code blocks, the entire package of external and TALxm data and code is wellformed under CAP, providing the necessary PCC proof of safety. The development in this section is not entirely novel -it has been previously introduced in [4]. However, in this work, it has been extended and applied to a much more complex type system and requires additional tools as described in the next section.…”

“…To address these issues, Hamid and Shao [4] developed a framework allowing, in principle, PCC packages to be produced and linked together from different sources. This paper extends that work to combine certified code compiled from a high-level language with a runtime library for memory management.…”

Integrating a certified memory management runtime with proof-carrying code

“…These essentially provide a "foreign function" interface to the language, allowing for linking together external code blocks whose behavior can be specified at least partially in the TALxm type system. This feature has been previously introduced in [4] and in this paper we apply it to a system with a (albeit simple) memory management library to produce a safety proof involving more than just type safety. The usage of code stubs will become more clear later in the paper.…”

“…As in previous work [5,4], the entire TALxm language and its typing rules are mechanically formalized in a proof assistant -in this case, Coq. Furthermore, the type system is shown to be sound with respect to the operational semantics of the abstract machine.…”

“…For reasons of space, the following sections briefly outline the method in which these steps are carried out. Much of the process is similar to the framework established in [5,4]. In Section 3.3, we discuss the additional use of separation logic in the reasoning process and how it relates to the capability type system.…”

“…Then, if the code predicate invariants generated from the TALxm stub types are strong enough to imply the actual preconditions of the corresponding library code blocks, the entire package of external and TALxm data and code is wellformed under CAP, providing the necessary PCC proof of safety. The development in this section is not entirely novel -it has been previously introduced in [4]. However, in this work, it has been extended and applied to a much more complex type system and requires additional tools as described in the next section.…”

“…To address these issues, Hamid and Shao [4] developed a framework allowing, in principle, PCC packages to be produced and linked together from different sources. This paper extends that work to combine certified code compiled from a high-level language with a runtime library for memory management.…”

Integrating a certified memory management runtime with proof-carrying code

Interfacing Hoare Logic and Type Systems for Foundational Proof-Carrying Code

A logical analysis of aliasing in imperative higher-order functions