Certified code systems protect computers from faulty or malicious code
by requiring untrusted software to be accompanied by checkable
evidence of its safety.  This paper presents a certified code solution
to a problem in grid computing, namely, controlling the CPU usage of
untrusted programs.  Specifically, we propose to endow the runtime
system supervising local execution of grid programs with a trusted
``yield'' operation, and require the untrusted code to execute this
operation with at least a certain frequency.  Compliance with this
requirement is enforced by a special typed assembly language, which we
describe.

We also describe a compilation strategy for a general-purpose
programming language that can enforce and certify conformance to such
policies automatically without any sophisticated program analyses.
This means that owners of hosts participating in the computation
network can be confident that executing foreign code will not
compromise the availability of their machines for running their own
processes, and application programmers do not need to modify their
coding style in order to produce compliant software.