Bytecode Verification for Haskell
نویسندگان
چکیده
In this paper we present a method for verifying Yhc bytecode, an intermediate form of Haskell suitable for mobile code applications. We examine the issues involved with verifying Yhc bytecode programs, and we present a proof-of-concept bytecode compiler and verifier. Verification is a static analysis which ensures that a bytecode program is type-safe. The ability to check type-safety is important for mobile code situations where untrusted code may be executed. Type-safety subsumes the critical memory-safety property and excludes important classes of exploitable bugs, such as buffer overflows. Haskell’s rich type system also allows programmers to build effective, static security policies and enforce them using the type checker. Verification allows us to be confident the constraints of our security policy are enforced.
منابع مشابه
Imperative Functional Programming with Isabelle/HOL
We introduce a lightweight approach for reasoning about programs involving imperative data structures using the proof assistant Isabelle/HOL. It is based on shallow embedding of programs, a polymorphic heap model using enumeration encodings and type classes, and a state-exception monad similar to known counterparts from Haskell. Existing proof automation tools are easily adapted to provide a ve...
متن کاملResearch on On-card Bytecode Verifier for Java Cards
The bytecode verification is a key point of the security chain of the Java Platform. This feature is optional in many embedded devices since the memory requirements of the verification process and the process capability of hardware are too high. In this paper we propose a verifier that utilizes the logical flow graph based cache policy and an improved non stressing type coding method, for the b...
متن کاملPractical Verification Condition Generation for a Bytecode Language
Automatic program verifiers typically generate verification conditions from the program and discharge them with an automated theorem prover. An important consideration is the manner in which program code and invariants are expressed. We have developed a bytecode language (similar, in spirit, to Java bytecode) on which verification is performed. This serves as both an intermediate language for u...
متن کاملBytecode Model Checking: An Experimental Analysis
Java bytecode verification is traditionally performed by a polynomial time dataflow algorithm. We investigate an alternative based on reducing bytecode verification to model checking. Despite an exponential worst case time complexity, model checking type-correct bytecode is polynomial in practice when carried out using an explicit state, onthe-fly model checker like Spin. We investigate this th...
متن کاملVerified Java bytecode verification
The bytecode verifier is an important part of Java’s security architecture. This thesis presents a fully formal, executable, and machine checked specification of a representative subset of the Java Virtual Machine and its bytecode verifier together with a proof that the bytecode verifier is safe. The specification consists of an abstract framework for bytecode verification which is instantiated...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007