对分离逻辑验证代码进行完全抽象编译的线性能力

IF 1.1 3区 计算机科学 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Journal of Functional Programming Pub Date : 2021-03-30 DOI:10.1017/s0956796821000022
THOMAS VAN STRYDONCK, FRANK PIESSENS, DOMINIQUE DEVRIESE
{"title":"对分离逻辑验证代码进行完全抽象编译的线性能力","authors":"THOMAS VAN STRYDONCK, FRANK PIESSENS, DOMINIQUE DEVRIESE","doi":"10.1017/s0956796821000022","DOIUrl":null,"url":null,"abstract":"Separation logic is a powerful program logic for the static modular verification of imperative programs. However, <jats:italic>dynamic</jats:italic> checking of separation logic contracts on the boundaries between verified and untrusted modules is hard because it requires one to enforce (among other things) that outcalls from a verified to an untrusted module do not access memory resources currently owned by the verified module. This paper proposes an approach to dynamic contract checking by relying on support for capabilities, a well-studied form of unforgeable memory pointers that enables fine-grained, efficient memory access control. More specifically, we rely on a form of capabilities called <jats:italic>linear</jats:italic> capabilities for which the hardware enforces that they cannot be copied. We formalize our approach as a fully abstract compiler from a statically verified source language to an unverified target language with support for linear capabilities. The key insight behind our compiler is that memory resources described by spatial separation logic predicates can be represented at run time by linear capabilities. The compiler is <jats:italic>separation-logic-proof-directed</jats:italic>: it uses the separation logic proof of the source program to determine how memory accesses in the source program should be compiled to linear capability accesses in the target program. The full abstraction property of the compiler essentially guarantees that compiled verified modules can interact with untrusted target language modules as if they were compiled from verified code as well. This article is an extended version of one that was presented at ICFP 2019 (Van Strydonck et al., 2019).","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":"46 1","pages":""},"PeriodicalIF":1.1000,"publicationDate":"2021-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Linear capabilities for fully abstract compilation of separation-logic-verified code\",\"authors\":\"THOMAS VAN STRYDONCK, FRANK PIESSENS, DOMINIQUE DEVRIESE\",\"doi\":\"10.1017/s0956796821000022\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Separation logic is a powerful program logic for the static modular verification of imperative programs. However, <jats:italic>dynamic</jats:italic> checking of separation logic contracts on the boundaries between verified and untrusted modules is hard because it requires one to enforce (among other things) that outcalls from a verified to an untrusted module do not access memory resources currently owned by the verified module. This paper proposes an approach to dynamic contract checking by relying on support for capabilities, a well-studied form of unforgeable memory pointers that enables fine-grained, efficient memory access control. More specifically, we rely on a form of capabilities called <jats:italic>linear</jats:italic> capabilities for which the hardware enforces that they cannot be copied. We formalize our approach as a fully abstract compiler from a statically verified source language to an unverified target language with support for linear capabilities. The key insight behind our compiler is that memory resources described by spatial separation logic predicates can be represented at run time by linear capabilities. The compiler is <jats:italic>separation-logic-proof-directed</jats:italic>: it uses the separation logic proof of the source program to determine how memory accesses in the source program should be compiled to linear capability accesses in the target program. The full abstraction property of the compiler essentially guarantees that compiled verified modules can interact with untrusted target language modules as if they were compiled from verified code as well. This article is an extended version of one that was presented at ICFP 2019 (Van Strydonck et al., 2019).\",\"PeriodicalId\":15874,\"journal\":{\"name\":\"Journal of Functional Programming\",\"volume\":\"46 1\",\"pages\":\"\"},\"PeriodicalIF\":1.1000,\"publicationDate\":\"2021-03-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Functional Programming\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1017/s0956796821000022\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Functional Programming","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1017/s0956796821000022","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

摘要

分离逻辑是一种功能强大的程序逻辑,用于命令式程序的静态模块化验证。然而,对已验证模块和不受信任模块之间边界上的分离逻辑契约进行动态检查是困难的,因为它需要强制执行(除其他事项外)从已验证模块到不受信任模块的输出调用不访问当前由已验证模块拥有的内存资源。本文提出了一种动态契约检查的方法,它依赖于对功能的支持,这是一种经过充分研究的不可伪造内存指针形式,可以实现细粒度、高效的内存访问控制。更具体地说,我们依赖于一种称为线性能力的能力形式,硬件强制它们不能被复制。我们将我们的方法形式化为一个完全抽象的编译器,从静态验证的源语言到支持线性功能的未经验证的目标语言。我们编译器背后的关键见解是,由空间分离逻辑谓词描述的内存资源可以在运行时通过线性能力表示。编译器是面向分离逻辑证明的:它使用源程序的分离逻辑证明来确定源程序中的内存访问应该如何编译为目标程序中的线性能力访问。编译器的完整抽象属性本质上保证编译后的经过验证的模块可以与不受信任的目标语言模块交互,就好像它们是从经过验证的代码中编译出来的一样。本文是在ICFP 2019上发表的一篇文章的扩展版本(Van Strydonck et al., 2019)。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Linear capabilities for fully abstract compilation of separation-logic-verified code
Separation logic is a powerful program logic for the static modular verification of imperative programs. However, dynamic checking of separation logic contracts on the boundaries between verified and untrusted modules is hard because it requires one to enforce (among other things) that outcalls from a verified to an untrusted module do not access memory resources currently owned by the verified module. This paper proposes an approach to dynamic contract checking by relying on support for capabilities, a well-studied form of unforgeable memory pointers that enables fine-grained, efficient memory access control. More specifically, we rely on a form of capabilities called linear capabilities for which the hardware enforces that they cannot be copied. We formalize our approach as a fully abstract compiler from a statically verified source language to an unverified target language with support for linear capabilities. The key insight behind our compiler is that memory resources described by spatial separation logic predicates can be represented at run time by linear capabilities. The compiler is separation-logic-proof-directed: it uses the separation logic proof of the source program to determine how memory accesses in the source program should be compiled to linear capability accesses in the target program. The full abstraction property of the compiler essentially guarantees that compiled verified modules can interact with untrusted target language modules as if they were compiled from verified code as well. This article is an extended version of one that was presented at ICFP 2019 (Van Strydonck et al., 2019).
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Functional Programming
Journal of Functional Programming 工程技术-计算机:软件工程
CiteScore
1.70
自引率
0.00%
发文量
9
审稿时长
>12 weeks
期刊介绍: Journal of Functional Programming is the only journal devoted solely to the design, implementation, and application of functional programming languages, spanning the range from mathematical theory to industrial practice. Topics covered include functional languages and extensions, implementation techniques, reasoning and proof, program transformation and synthesis, type systems, type theory, language-based security, memory management, parallelism and applications. The journal is of interest to computer scientists, software engineers, programming language researchers and mathematicians interested in the logical foundations of programming.
期刊最新文献
Signature restriction for polymorphic algebraic effects Asymptotic speedup via effect handlers Static Blame for gradual typing Knuth–Morris–Pratt illustrated Sparcl: A language for partially invertible computation
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1