research-article

Soft contract verification

Published: 19 August 2014

Abstract

Behavioral software contracts are a widely used mechanism for governing the flow of values between components. However, run-time monitoring and enforcement of contracts imposes significant overhead and delays discovery of faulty components to run-time.

To overcome these issues, we present soft contract verification, which aims to statically prove either complete or partial contract correctness of components, written in an untyped, higher-order language with first-class contracts. Our approach uses higher-order symbolic execution, leveraging contracts as a source of symbolic values including unknown behavioral values, and employs an updatable heap of contract invariants to reason about flow-sensitive facts. We prove the symbolic execution soundly approximates the dynamic semantics and that verified programs can't be blamed.

The approach is able to analyze first-class contracts, recursive data structures, unknown functions, and control-flow-sensitive refinements of values, which are all idiomatic in dynamic languages. It makes effective use of an off-the-shelf solver to decide problems without heavy encodings. The approach is competitive with a wide range of existing tools - including type systems, flow analyzers, and model checkers - on their own benchmarks.
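The abstract's core mechanism (contracts as a source of symbolic values, an updatable store of invariants refined by control flow, and "verified means no blame") as a deliberately small added illustration in Python; this is not the paper's artifact, which targets Racket contracts. It assumes a toy language of tuples over two primitives with fixed domain contracts, `if` tests restricted to a predicate applied to a variable, and no solver: facts are plain sets of predicate names.

```python
from dataclasses import dataclass

DOMAIN = {"add1": "number?", "string-length": "string?"}  # primitive -> domain contract
IMPL = {"add1": lambda n: n + 1, "string-length": len}   # concrete behaviour (both return numbers)

@dataclass(frozen=True)
class Sym:            # symbolic value: a name plus the contract facts known about it
    name: str
    facts: frozenset  # e.g. frozenset({"number?"}) or frozenset({"!number?"})

def holds(v, pred):
    """True/False when decided; None when a symbolic value's facts leave it open."""
    if isinstance(v, Sym):
        return True if pred in v.facts else False if "!" + pred in v.facts else None
    return isinstance(v, int) if pred == "number?" else isinstance(v, str)

def refine(env, x, fact):   # updatable invariant: record what a branch learned about x
    v = env[x]
    return {**env, x: Sym(v.name, v.facts | {fact})} if isinstance(v, Sym) else env

def run(expr, env):
    """Symbolic evaluation: the set of ("ok", value) / ("blame", prim) outcomes."""
    tag = expr[0]
    if tag == "lit":
        return {("ok", expr[1])}
    if tag == "var":
        return {("ok", env[expr[1]])}
    out = set()
    if tag == "if":   # tests are restricted to (pred x) on a variable, e.g. (number? x)
        _, (_, pred, (_, x)), then, els = expr
        if holds(env[x], pred) is not False:   # true branch feasible on some path
            out |= run(then, refine(env, x, pred))
        if holds(env[x], pred) is not True:    # false branch feasible on some path
            out |= run(els, refine(env, x, "!" + pred))
        return out
    _, prim, arg = expr                         # ("app", prim, e)
    for status, v in run(arg, env):
        if status == "blame":
            out.add((status, v))
        elif holds(v, DOMAIN[prim]) is True:    # domain contract provably satisfied
            res = IMPL[prim](v) if not isinstance(v, Sym) else Sym(f"{prim}({v.name})", frozenset({"number?"}))
            out.add(("ok", res))
        else:                                   # unknown or false: the primitive may blame
            out.add(("blame", prim))
    return out

def verify(param, contract_facts, body):
    """Primitives that could blame when param is only known to satisfy contract_facts; empty = verified."""
    outcomes = run(body, {param: Sym(param, frozenset(contract_facts))})
    return {v for status, v in outcomes if status == "blame"}
```

A body `(if (number? x) (add1 x) 0)` verifies under an `any/c` argument because the test refines `x`, while a bare `(add1 x)` verifies only when the function's own contract already supplies `number?`.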


Index Terms

  1. Soft contract verification


Published in

ACM SIGPLAN Notices, Volume 49, Issue 9
ICFP '14
September 2014
361 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2692915

ICFP '14: Proceedings of the 19th ACM SIGPLAN international conference on Functional programming
August 2014
390 pages
ISBN: 9781450328739
DOI: 10.1145/2628136

Copyright © 2014 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 19 August 2014

Qualifiers

research-article
