Abstract
Behavioral software contracts are a widely used mechanism for governing the flow of values between components. However, run-time monitoring and enforcement of contracts imposes significant overhead and delays discovery of faulty components to run-time.
To overcome these issues, we present soft contract verification, which aims to statically prove either complete or partial contract correctness of components, written in an untyped, higher-order language with first-class contracts. Our approach uses higher-order symbolic execution, leveraging contracts as a source of symbolic values including unknown behavioral values, and employs an updatable heap of contract invariants to reason about flow-sensitive facts. We prove the symbolic execution soundly approximates the dynamic semantics and that verified programs can't be blamed.
The approach is able to analyze first-class contracts, recursive data structures, unknown functions, and control-flow-sensitive refinements of values, which are all idiomatic in dynamic languages. It makes effective use of an off-the-shelf solver to decide problems without heavy encodings. The approach is competitive with a wide range of existing tools - including type systems, flow analyzers, and model checkers - on their own benchmarks.