Proofs and proof transformations for object-oriented programs

Abstract

In modern development schemes the processing of programs often involves an intermediate step of translation to some intermediate code, often called “bytecode”. This intermediate code is executed through interpretation or a second phase of compilation known as “jitting”. The execution of bytecode programs can produce unexpected behavior, which may compromise security and correctness of a software system. An important issue to address is the verification of these programs also known as mobile code. Expanding on the ideas of Proof-Carrying Code (PCC), we have introduced a verification process for bytecode programs based on proof-transforming compilation. The approach consists of translating proofs of object-oriented programs to bytecode proofs. The verification process is performed at the level of the source program making interaction easier than verifying bytecode programs. Then, a proof-transforming compiler translates automatically a contract-equipped program and its proof into bytecode representing both the program and the proof. Our approach addresses not only type safety properties, as in the original PCC work, but full functional correctness as expressed by the original contracts. This thesis develops the foundations of proof-transfoming compilation for objectoriented programs. The main results are: (1) operational and axiomatic semantics for a subset of C#, Eiffel, and Java; (2) a verification methodology for function objects; and (3) proof-transforming compilers for these languages. This thesis shows that certificates for bytecode programs can be generated automatically from certificates of objectoriented programs. The implemented prototype suggests that proof-transforming compilers can be applied to real programming languages.