Abstract
In this paper, we describe KindSpec, an automated tool that synthesizes software contracts from programs written in a significant fragment of C that supports pointer-based structures, heap manipulation, and recursion. By relying on a semantic definition of the C language in the \(\mathbb {K}\) semantic framework, KindSpec leverages the symbolic execution capabilities of \(\mathbb {K}\) to axiomatically explain any program function. This is done by using observer routines in the same program to characterize the program states before and after the function execution. The generated contracts are expressed as logical axioms that specify the precise input/output behavior of the C routines, including both general axioms for default behavior and exceptional axioms that specify error behavior. We summarize the main services provided by KindSpec, which also include a novel refinement facility that improves the quality and accuracy of the synthesized contracts. Finally, we provide an experimental evaluation that assesses its effectiveness.
This research was partially supported by TAILOR, a project funded by EU Horizon 2020 research and innovation programme under GA No 952215, grant RTI2018-094403-B-C32 funded by MCIN/AEI/10.13039/501100011033 and by “ERDF A way of making Europe”, and by Generalitat Valenciana PROMETEO/2019/098.
Notes
1. Some standard C syntactic errors, such as IRT, are not statically detected by \(\mathbb {K}\), so they only show up at (symbolic) execution time.
2. From a model-theoretic viewpoint, this is to say that the solution set of \(c_{1}\) contains the solution set of \(c_{2}\).
3. In separation logic [37], heap predicates are constituted by “separated” sub-formulae which hold for disjoint parts of the heap. They represent either individual memory cells, which are encoded by using points-to heap predicates (i.e., \(e_1 \mapsto e_2\) represents that the heap contains a cell at address \(e_1\) with contents \(e_2\)), or sub-heaps (heaplets), which are encoded by predicates that collapse various heap locations.
4. We tested the tools on Windows (versions 7 and 10), Linux (Ubuntu 18.04) and MacOS X (10.13 High Sierra).
5. In contrast, DySy relied on concolic execution (a combination of symbolic execution with dynamic testing) to obtain more precise (heap-level) axiomatic properties for non-instrumented programs.
References
ANSI/ISO IEC 9899:1999 Standard for C Language (C99), Technical Corrigendum 3 (2007)
Alpuente, M., Pardo, D., Villanueva, A.: Symbolic abstract contract synthesis in a rewriting framework. In: Hermenegildo, M.V., Lopez-Garcia, P. (eds.) LOPSTR 2016. LNCS, vol. 10184, pp. 187–202. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63139-4_11
Alpuente, M., Pardo, D., Villanueva, A.: Abstract contract synthesis and verification in the symbolic K framework. Fundam. Inform. 177(3–4), 235–273 (2020)
Anand, S., Păsăreanu, C.S., Visser, W.: Symbolic execution with abstraction. STTT 11(1), 53–67 (2009). https://doi.org/10.1007/s10009-008-0090-1
Baldoni, R., Coppa, E., D’Elia, D., Demetrescu, C., Finocch, I.: A survey of symbolic execution techniques. ACM Comput. Surv. 51(3), 1–39 (2018)
Baudin, P., et al.: ACSL: ANSI/ISO C Specification Language, version 1.4 (2010). https://frama-c.com/download/acsl_1.4.pdf
Berdine, J., et al.: Shape analysis for composite data structures. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 178–192. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73368-3_22
Bidoit, M.: Algebraic specification of exception handling and error recovery by means of declarations and equations. In: Paredaens, J. (ed.) ICALP 1984. LNCS, vol. 172, pp. 95–108. Springer, Heidelberg (1984). https://doi.org/10.1007/3-540-13345-3_8
Calcagno, C., Distefano, D.: Infer: an automatic program verifier for memory safety of C programs. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 459–465. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20398-5_33
Calcagno, C., et al.: Moving fast with software verification. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 3–11. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17524-9_1
Calcagno, C., Distefano, D., O’Hearn, P.W., Yang, H.: Footprint analysis: a shape analysis that discovers preconditions. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 402–418. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74061-2_25
Calcagno, C., Distefano, D., O’Hearn, P.W., Yang, H.: Compositional shape analysis by means of bi-abduction. J. ACM 58(6), 26:1–26:66 (2011). https://doi.org/10.1145/2049697.2049700
Claessen, K., Smallbone, N., Hughes, J.: QuickSpec: guessing formal specifications using testing. In: Fraser, G., Gargantini, A. (eds.) TAP 2010. LNCS, vol. 6143, pp. 6–21. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13977-2_3
Csallner, C., Tillmann, N., Smaragdakis, Y.: DySy: dynamic symbolic execution for invariant inference. In: Proceedings of the ICSE 2008, pp. 281–290. ACM (2008). https://doi.org/10.1145/1368088.1368127
Dallmeier, V., Lindig, C., Wasylkowski, A., Zeller, A.: Mining object behavior with ADABU. In: Proceedings of the WODA 2006, pp. 17–24. ACM (2006). https://doi.org/10.1145/1138912.1138918
Das, A., Lahiri, S.K., Lal, A., Li, Y.: Angelic verification: precise verification modulo unknowns. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 324–342. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_19
Distefano, D., O’Hearn, P.W., Yang, H.: A local shape analysis based on separation logic. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 287–302. Springer, Heidelberg (2006). https://doi.org/10.1007/11691372_19
Ellison, C., Roşu, G.: An executable formal semantics of C with applications. In: Proceedings of the POPL 2012, pp. 533–544. ACM (2012). https://doi.org/10.1145/2103656.2103719
Ernst, M.D., et al.: The Daikon system for dynamic detection of likely invariants. Sci. Comput. Prog. 69(1–3), 35–45 (2007). https://doi.org/10.1016/j.scico.2007.01.015
Gazzola, L., Micucci, D., Mariani, L.: Automatic software repair: a survey. IEEE Trans. Softw. Eng. 45, 34–67 (2018). https://doi.org/10.1109/TSE.2017.2755013
Gehani, N.H.: Exceptional C or C with exceptions. Softw.: Pract. Exp. 22(10), 827–848 (1992). https://doi.org/10.1002/spe.4380221003, https://onlinelibrary.wiley.com/doi/abs/10.1002/spe.4380221003
Gherghina, C., David, C.: A specification logic for exceptions and beyond. In: Bouajjani, A., Chin, W.-N. (eds.) ATVA 2010. LNCS, vol. 6252, pp. 173–187. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15643-4_14
Giannakopoulou, D., Rakamarić, Z., Raman, V.: Symbolic learning of component interfaces. In: Miné, A., Schmidt, D. (eds.) SAS 2012. LNCS, vol. 7460, pp. 248–264. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33125-1_18
Gogolla, M., Drosten, K., Lipeck, U.W., Ehrich, H.D.: Algebraic and operational semantics of specifications allowing exceptions and errors. Theor. Comput. Sci. 34(3), 289–313 (1984). https://doi.org/10.1016/0304-3975(84)90056-2, http://www.sciencedirect.com/science/article/pii/0304397584900562
Goguen, J.: Abstract errors for abstract data types. In: Formal Description of Programming Concepts, pp. 491–522. North-Holland (1979)
Goguen, J.A., Meseguer, J.: Order-sorted algebra I: equational deduction for multiple inheritance, overloading, exceptions and partial operations. Theor. Comput. Sci. 105(2), 217–273 (1992). https://doi.org/10.1016/0304-3975(92)90302-V, http://www.sciencedirect.com/science/article/pii/030439759290302V
Gulavani, B.S., Chakraborty, S., Ramalingam, G., Nori, A.V.: Bottom-up shape analysis using LISF. ACM Trans. Program. Lang. Syst. 33(5), 17:1–17:41 (2011). https://doi.org/10.1145/2039346.2039349
Henkel, J., Diwan, A.: Discovering algebraic specifications from Java classes. In: Cardelli, L. (ed.) ECOOP 2003. LNCS, vol. 2743, pp. 431–456. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45070-2_19
Henkel, J., Reichenbach, C., Diwan, A.: Discovering documentation for Java container classes. IEEE Trans. Softw. Eng. 33(8), 526–543 (2007). https://doi.org/10.1109/TSE.2007.70705
King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976). https://doi.org/10.1145/360248.360252
Liskov, B., Guttag, J.: Abstraction and Specification in Program Development. MIT Press, Cambridge (1986)
Logozzo, F., Ball, T.: Modular and verified automatic program repair. In: Proceedings of the OOPSLA 2012, pp. 133–146. ACM (2012). https://doi.org/10.1145/2384616.2384626
Magill, S., Nanevski, A., Clarke, E., Lee, P.: Inferring invariants in separation logic for imperative list-processing programs. In: Proceedings of the 3rd SPACE Workshop (2006)
Meyer, B.: Applying ‘design by contract’. Computer 25(10), 40–51 (1992). https://doi.org/10.1109/2.161279
Padmanabhuni, S., Ghose, A.K.: Inductive constraint logic programming: an overview. In: Antoniou, G., Ghose, A.K., Truszczyński, M. (eds.) PRICAI 1996. LNCS, vol. 1359, pp. 1–8. Springer, Heidelberg (1998). https://doi.org/10.1007/3-540-64413-X_25
Poigné, A.: Partial algebras, subsorting, and dependent types. In: Sannella, D., Tarlecki, A. (eds.) ADT 1987. LNCS, vol. 332, pp. 208–234. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-50325-0_11
Reynolds, J.C.: Separation logic: a logic for shared mutable data structures. In: Proceedings of the LICS 2002, pp. 55–74 (2002). https://doi.org/10.1109/LICS.2002.1029817
Roşu, G., Şerbănuţă, T.F.: An overview of the K semantic framework. J. Logic Algebraic Program. 79(6), 397–434 (2010). https://doi.org/10.1016/j.jlap.2010.03.012, http://www.sciencedirect.com/science/article/pii/S1567832610000160
Schulz, S.: Simple and efficient clause subsumption with feature vector indexing. In: Bonacina, M.P., Stickel, M.E. (eds.) Automated Reasoning and Mathematics. LNCS (LNAI), vol. 7788, pp. 45–67. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36675-8_3
Tillmann, N., Chen, F., Schulte, W.: Discovering likely method specifications. In: Liu, Z., He, J. (eds.) ICFEM 2006. LNCS, vol. 4260, pp. 717–736. Springer, Heidelberg (2006). https://doi.org/10.1007/11901433_39
van Tonder, R., Le Goues, C.: Static automated program repair for heap properties. In: Proceedings of the ICSE 2018, pp. 151–162. ACM (2018). https://doi.org/10.1145/3180155.3180250
Wei, Y., Furia, C.A., Kazmin, N., Meyer, B.: Inferring better contracts. In: Proceedings of the ICSE 2011, pp. 191–200. ACM (2011). https://doi.org/10.1145/1985793.1985820
Copyright information
© 2023 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Alpuente, M., Villanueva, A. (2023). Automated Synthesis of Software Contracts with KindSpec. In: Lopez-Garcia, P., Gallagher, J.P., Giacobazzi, R. (eds) Analysis, Verification and Transformation for Declarative Programming and Intelligent Systems. Lecture Notes in Computer Science, vol 13160. Springer, Cham. https://doi.org/10.1007/978-3-031-31476-6_3
DOI: https://doi.org/10.1007/978-3-031-31476-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-31475-9
Online ISBN: 978-3-031-31476-6
eBook Packages: Computer Science (R0)