Computing stack maps with interfaces

International audienceLightweight bytecode verification uses stack maps to annotate Java bytecode programs with type information in order to reduce the verification to type checking. This paper describes an improved bytecode analyser together with algorithms for optimizing the stack maps generated. The analyser is simplified in its treatment of base values (keeping only the necessary information to ensure memory safety) and enriched in its representation of interface types, using the Dedekind-MacNeille completion technique. The computed interface information allows to remove the dynamic checks at interface method invocations. We prove the memory safety property guaranteed by the bytecode verifier using an operational semantics whose distinguishing feature is the use of un-tagged 32-bit values. For bytecode typable without sets of types we show how to prune the fix-point to obtain a stack map that can be checked without computing with sets of interfaces i.e., lightweight verification is not made more complex or costly. Experiments on three substantial test suites show that stack maps can be computed and correctly pruned by an optimized (but incomplete) pruning algorithm

Pruning program invariants

This thesis addresses the generation of certificates for Proof-Carrying Code that are both small and easy to check. We propose methods for obtaining small witnesses of a safety property in the context of Abstraction-Carrying Code. In the distributive case, the weakest witness (\emph{i.e.}, the smallest) may be computed. For the general case, we propose a pruning technique for weakening a given witness. This technique is applied to the abstract domain of convex polyhedra, in the intraprocedural and then interprocedural case. Another application is presented, which allows the lightweight bytecode verification to be enriched by including interface method calls, without making the checker more complex. We present various reconstruction algorithms which generalise existing checking algorithms. Finally, to facilitate the use of Binary Decision Diagrams in static analysis (and thus for Abstraction-Carrying Code), we prove the soundness of a relational formulation of the least fixpoint semantics of definite range-restricted logic programs.Cette thèse s'intéresse à l'obtention de certificats pour le Proof-Carrying Code qui soient à la fois petits et faciles à vérifier. Nous proposons des méthodes pour obtenir de petits témoins d'une propriété de sûreté dans le contexte de l'Abstraction-Carrying Code. Dans le cas distributif, le plus faible témoin (c'est à dire, le plus petit) peut être calculé. Dans le cas général, nous proposons une technique d'élagage pour affaiblir un témoin donné. Cette technique est appliquée au domaine abstrait des polyèdres convexes, dans le cas intraprocédural puis interprocéedural. Une autre application est présentée, qui permet d'enrichir la vérification lightweight de bytecode en incluant les appels de méthodes d'interfaces, sans compliquer le vérifieur. Nous présentons différents algorithmes de reconstruction qui généralisent les algorithmes de vérification existants. Enfin, pour faciliter l'utilisation des Binary Decision Diagrams en analyse statique (et donc pour l'Abstraction-Carrying Code), nous prouvons la correction d'une formulation relationnelle de la sémantique de plus petit point fixe des programmes logiques définis et "range-restricted''.RENNES1-BU Sciences Philo (352382102) / SudocRENNES-INRIA Rennes Irisa (352382340) / SudocSudocFranceF

Computing the Least Fix-point Semantics of Definite Logic Programs Using BDDs

We present the semantic foundations for computing the least fix-point semantics of definite logic programs using only standard operations over boolean functions. More precisely, we propose a representation of sets of first-order terms by boolean functions and a provably sound formulation of intersection, union, and projection (an operation similar to restriction in relational databases) using conjunction, disjunction, and existential quantification. We report on a prototype implementation of a logic solver using Binary Decision Diagrams (BDDs) to represent boolean functions and compute the above-mentioned three operations. This work paves the way for efficient solvers for particular classes of logic programs e.g., static program analyses, which leverage BDD technologies to factorise similarities in the solution space

Result certification for relational program analysis

We define a generic relational program analysis for an imperative, stack-oriented byte code language with procedures, arrays and global variables and instantiate it with an abstract domain of polyhedra. The analysis has automatic inference of loop invariants and method pre-/post-conditions, and efficient checking of analysis results by a simple checker. Invariants, which can be large, can be specialized for proving a safety policy using an automatic pruning technique which reduces their size. The result of the analysis can be checked efficiently by annotating the program with parts of the invariant together with certificates of polyhedral inclusions, which allow to avoid certain complex polyhedral computation such as the convex hull of two polyhedra. Small, easily checkable inclusion certificates are obtained using Farkas lemma for proving the absence of solutions to systems of linear inequalities. The resulting checker is sufficiently simple to be entirely certified within the Coq proof assistant