 
Summary: Foundational Proof-Carrying Code
Andrew W. Appel
Princeton University
Abstract
Proof-carrying code is a framework for the mechanical verification of safety properties of machine language programs, but the problem arises of quis custodiat ipsos custodes: who will verify the verifier itself? Foundational proof-carrying code is verification from the smallest possible set of axioms, using the simplest possible verifier and the smallest possible runtime system. I will describe many of the mathematical and engineering problems to be solved in the construction of a foundational proof-carrying code system.
1 Introduction
When you obtain a piece of software (a shrink-wrapped application, a browser plug-in, an applet, an OS kernel extension) you might like to ascertain that it's safe to execute: it accesses only its own memory and respects the private variables of the API to which it's linked. In a
