Lissom, a Source Level Proof Carrying Code Platform
This paper introduces a proposal for a Proof Carrying Code (PCC) architecture called Lissom. Started as a challenge for final-year Computing students, Lissom was conceived as a means of proving to a sceptical community, and in particular to students, that formal verification tools can be put into practice in a realistic environment and used to solve complex, concrete problems. The attractiveness of the problems that PCC addresses has already led students to show interest in this project.
💡 Research Summary
The paper presents Lissom, a novel Proof‑Carrying Code (PCC) platform that moves certificate generation from the traditional post‑compilation stage to the source‑level. The authors argue that performing verification at the source level is more natural because programmers write algorithms in high‑level languages and are often unaware of low‑level target details. By attaching security policies as annotations directly to the source code, Lissom can generate proof obligations before any optimization or code generation takes place, thereby preserving a tighter link between the policy and the program’s logical structure.
Lissom is built around a small educational language called LISS (Language for Integers, Sets and Sequences). LISS supports a realistic type system (including sets, vectors, etc.) and is intended as a test‑bed before moving to industrial‑strength languages. The platform’s architecture consists of four main components:
- Source Language and Compiler – The compiler parses LISS programs, extracts policy annotations, and simultaneously produces both byte‑code for a stack‑based virtual machine and a set of proof obligations. The key technical challenge is to translate structural proofs that rely on source‑level constructs into proofs that remain meaningful after compilation. The authors plan to reuse techniques from Barthe et al. (reference