Abstract
For extensible software platforms in safety-critical domains, it is important that deployed plug-ins work as specified. This is especially true with the prospect of allowing third parties to add plug-ins. We propose a contract-based approach for deployment-time verification. Every plug-in guarantees its functional behavior under a specific set of assumptions about its environment. With proof-carrying apps, we generalize proof-carrying code from proofs to artifacts that facilitate deployment-time verification, where the expected behavior is specified by means of design-by-contract. With proof artifacts, the conformance of apps to environment assumptions is checked during deployment, even on resource-constrained devices. This procedure prevents unsafe operation caused by unintended programming mistakes as well as intended malicious behavior. We discuss which criteria a formal verification technique has to fulfill to be applicable to proof-carrying apps and evaluate the verification tools KeY and Soot for proof-carrying apps.
This work was partially supported by the DFG (German Research Foundation) under the Research Unit FOR1800: Controlling Concurrent Change (CCC).
Acknowledgments
We thank Christoph Seidl for his support in earlier phases of the paper. We gratefully acknowledge the support of Eric Bodden and Steven Arzt with Soot and Reviser.
© 2016 Springer International Publishing AG
Cite this paper
Holthusen, S., Nieke, M., Thüm, T., Schaefer, I. (2016). Proof-Carrying Apps: Contract-Based Deployment-Time Verification. In: Margaria, T., Steffen, B. (eds.) Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques. ISoLA 2016. Lecture Notes in Computer Science, vol. 9952. Springer, Cham. https://doi.org/10.1007/978-3-319-47166-2_58
DOI: https://doi.org/10.1007/978-3-319-47166-2_58
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47165-5
Online ISBN: 978-3-319-47166-2