Certificate Translation for Specification Preserving Advices
Gilles Barthe and César Kunz
INRIA Sophia Antipolis - Méditerranée
FOAL 2008
Presented by César Kunz (with Gilles Barthe), FOAL 2008
Outline:
- Motivation
- Specification preserving advices
- Proving specification preserving advices
- Reducing proof obligations
- Improving the verification power
- Certificate translation

MOTIVATION
Local reasoning on:
- Baseline code (to understand the main functionality)
- Advice code (to understand the implemented aspect)
Incremental concerns:
- Contract enforcement
- Logging / profiling
- Evolving security requirements
Global analysis of pointcuts to understand the interaction of aspects.
Producer vs Consumer Perspective
PCC setting: contract enforcement
- functional properties (logic formulae)
- absence of null pointer access
- type safety, etc.
Obliviousness -> local reasoning?
Syntactic obliviousness vs. semantic obliviousness: syntactic obliviousness is not enough.
Contract preservation vs. semantic preservation: a weaker requirement.
[Figure: baseline code satisfying baseline contract P; advice code; advised code satisfying baseline contract P]
Dantas & Walker [POPL06]:
- characterize harmless advices that allow local reasoning
- information flow analysis to check advice non-interference.
SPECIFICATION PRESERVING ADVICES
Specification Preserving Advices
[Examples (advice code shown as figures on the slides)]
- Harmless: NO, Spec. preserving: NO (strong specification)
- Harmless: NO, Spec. preserving: YES
- Harmless: YES, Spec. preserving: NO
Harmless: NO, Spec. preserving: YES. A specification preserving advice may modify variables in the specification:
- the output value may differ,
- is not invalidated,
- is ensured.
PROVING SPECIFICATION PRESERVING ADVICES
Proving spec-preservation
Baseline code verification: wp-based VCgen.
Verification of spec. preservation: wp-based VCgen over the modified advice code.
[Figure of procedure f]
REDUCING PROOF OBLIGATIONS
Specification Harmless Advices
Specification harmless advices: [Figure]
- the advice does not modify V
- the advice does not modify V and res = x
IMPROVING THE VERIFICATION POWER
Or you want to verify the advice locally, without considering for the moment in which contexts it will be executed!
Drawback: multiple advised procedures = multiple verification invariants.
[Figure: the advice applied to baseline procedures f and g]
(A specification of proceed improves modularity.)
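The check described on the "Proving spec-preservation" slides, carried out the modular way suggested just above: a tiny wp-based VC generator in which `proceed` is specified by the baseline contract (Pre, Post), so an around-advice is verified on its own rather than per advised procedure. This is an added example, not code from the talk; the contract {x >= 0} res := f(x) {res >= x}, the four advices, and the bounded integer domain used to discharge the VC by enumeration instead of a prover are all constructed assumptions.

```python
from itertools import product

# Assumption: VCs are discharged by enumerating a small integer domain rather than calling a prover.
DOM = range(-2, 3)

def assign(var, expr):
    """wp(var := expr, R) = R[expr/var], applied semantically to the state s."""
    return lambda R: (lambda s: R({**s, var: expr(s)}))

def proceed(pre, post, out="res"):
    """wp(out := proceed(), R) with proceed specified by the baseline contract:
    pre must hold at the call, and every out-value permitted by post must satisfy R.
    Assumes proceed assigns only `out`."""
    return lambda R: (lambda s: pre(s) and all(
        not post({**s, out: v}) or R({**s, out: v}) for v in DOM))

def seq(*stmts):
    """wp(s1; ...; sn, R) = wp(s1, ... wp(sn, R))."""
    def wp(R):
        for st in reversed(stmts):
            R = st(R)
        return R
    return wp

def preserves(pre, post, advice, variables):
    """Specification-preservation VC: pre => wp(advice, post) in every state."""
    goal = advice(post)
    states = (dict(zip(variables, vals)) for vals in product(DOM, repeat=len(variables)))
    return all(not pre(s) or goal(s) for s in states)

# Constructed baseline contract for f(x): {x >= 0} res := f(x) {res >= x}
PRE = lambda s: s["x"] >= 0
POST = lambda s: s["res"] >= s["x"]
VARS = ("x", "res", "log")

ADVICES = {
    # harmless: only touches `log`, which the contract never mentions
    "logging": seq(assign("log", lambda s: s["log"] + 1), proceed(PRE, POST)),
    # modifies a spec variable and changes the output, yet pre is ensured and post holds
    "bump_x": seq(assign("x", lambda s: s["x"] + 1), proceed(PRE, POST)),
    # violates the precondition of proceed when x == 0
    "dec_x": seq(assign("x", lambda s: s["x"] - 1), proceed(PRE, POST)),
    # invalidates the postcondition whenever x > 0
    "clobber": seq(proceed(PRE, POST), assign("res", lambda s: 0)),
}

def check_all():
    """Returns {advice name: True if it preserves the baseline contract}."""
    return {name: preserves(PRE, POST, adv, VARS) for name, adv in ADVICES.items()}

if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name}: {'spec-preserving' if ok else 'NOT spec-preserving'}")
```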
Interference is not always a bad thing. Some advices are spec-preserving when combined but not when analyzed in isolation.
[Figure: a sequence of advices applied to the baseline procedure]
Specification refinement instead of specification preservation.
CERTIFICATE TRANSLATION