Verify Properties of Mobile Code

Given a program and a speci cation, you may want to verify mechanically and e ciently that this program satis es the speci cation. Software veri cation techniques typically involve theorem proving. If a formal speci cation is easily available, consumption of computational resources is a major issue. Meanwhile, we shall not overlook the psychological factors. Often, you need extra expertise to verify a program. Tools that can automatically verify programs are helpful. On the other hand, ubiquitous computing has made the correctness of a program both a security and a performance issue. If you run a piece of mobile code on your machine, you will expect that the code does not access storages unlawfully. To make sure bad things won't happen, performance is sacric ed. If programs are written in an intermediate language that is able to capture and verify properties mentioned above, your host machine will bene t from it. My research focuses on providing a typetheoretic solution to the veri cation of mobile programs. One of our primary tools is index types. Index types are a form of non-traditional types. An index type system extends the type system of a language with indices and predicates on those indices. Index types can express properties of program. To type check a program annotated with index types, we often will call an external decision procedure. Another concept used is the proof-carrying code. One of the major advantages of proof-carrying code is that a lot of theorem proving is shifted ofine. When w e use proof-carrying code to verify a property, the time spent on veri cation is mainly on proof-checking, which is considerably cheaper than theorem proving. W e rst started working on static array bounds checking problem on index-typed Java bytecode. The goal is to for a code consumer to discover statically that some array accesses are safe and can relief the running time checking. W e understand that static array bounds analysis is not decidable. W e will stick to run-time check if static checking fails to give an a rmative answer. In the index-typed bytecode and in proofcarrying code in general, the properties concerned are mainly about a state, instead of a path. For two reasons we are interested in the properties on paths and model-checking. First, data ow analysis problems can be represented as a model-checking problem on an abstracted controlow diagram. This approach allows us to use model-checking as a generic algorithms to analyze a program. Second, certain temporal properties, such as the deadlock freedom, are traditionally veri ed by model-checking. Model-checking is computational expensive due to space explosion problem. Using abstraction can reduce the state space so that we can model-check an abstract state space quicker than checking concrete state space. Computation of an abstraction, however, takes large percent of time in the veri cation process. Thus, if we establish a valid (and useful) abstraction, we can speed up the consequent model-checking even to such a level that the veri cation can be done on-they, something not achieved before. When this note is written, we are working on a framework that utilizes proof-carrying code to assist model-checking at a client machine. W e also plan to use a type system to formualte the timing requirement of a piece of code.