skip to main content

A type system for extracting functional specifications from memory-safe imperative programs

Published:15 October 2021Publication History
Skip Abstract Section

Abstract

Verifying imperative programs is hard. A key difficulty is that the specification of what an imperative program does is often intertwined with details about pointers and imperative state. Although there are a number of powerful separation logics that allow the details of imperative state to be captured and managed, these details are complicated and reasoning about them requires significant time and expertise. In this paper, we take a different approach: a memory-safe type system that, as part of type-checking, extracts functional specifications from imperative programs. This disentangles imperative state, which is handled by the type system, from functional specifications, which can be verified without reference to pointers. A key difficulty is that sometimes memory safety depends crucially on the functional specification of a program; e.g., an array index is only memory-safe if the index is in bounds. To handle this case, our specification extraction inserts dynamic checks into the specification. Verification then requires the additional proof that none of these checks fail. However, these checks are in a purely functional language, and so this proof also requires no reasoning about pointers.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

This is a video of the talk for A Type System for Extracting Functional Specifications from Memory-Safe Imperative Programs at OOPSLA 2021.

References

  1. Andrew W. Appel, Robert Dockins, Aquinas Hobor, Lennart Beringer, Josiah Dodds, Gordon Stewart, Sandrine Blazy, and Xavier Leroy. 2014. Program Logics for Certified Compilers. Cambridge University Press.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Vytautas Astrauskas, Peter Müller, Federico Poli, and Alexander J. Summers. 2019. Leveraging Rust Types for Modular Specification and Verification. In Proceedings of the 34th Annual ACM Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA).Google ScholarGoogle Scholar
  3. Lennart Beringer and Andrew W. Appel. 2019. Abstraction and Subsumption in Modular Verification of C Programs. In Proceedings of the 23rd International Symposium on Formal Methods (FM).Google ScholarGoogle Scholar
  4. Aleš Bizjak and Lars Birkedal. 2017. On Models of Higher-Order Separation Logic. In Proceedings of the 33rd Conference on the Mathematical Foundations of Programming Semantics.Google ScholarGoogle Scholar
  5. Samuel Boutin. 1997. Using reflection to build efficient and certified decision procedures. In Proceedings of the Third International Symposium on Theoretical Aspects of Computer Software (TACS).Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Michael C Browne, Edmund Clarke, and Orna Grumberg. 1988. Characterizing finite Kripke structures in propositional temporal logic. Theoretical Computer Science, 59 (1988).Google ScholarGoogle Scholar
  7. Cristiano Calcagno, Peter W. O’Hearn, and Hongseok Yang. 2007. Local Action and Abstract Separation Logic. In Proceedings of the Twenty-Second Annual IEEE Symposium on Logic in Computer Science (LICS).Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Andrey Chudnov, Nathan Collins, Byron Cook, Joey Dodds, Brian Huffman, Colm MacCárthaigh, Stephen Magill, Eric Mertens, Eric Mullen, Serdar Tasiran, Aaron Tomb, and Eddy Westbrook. 2018. Continuous Formal Verification of Amazon s2n. In Proceedings of the 30th International Conference on Computer Aided Verification (CAV).Google ScholarGoogle ScholarCross RefCross Ref
  9. Edmund M. Clarke and E. Allen Emerson. 1981. Design and synthesis of synchronization skeletons using branching time temporal logic. In Proceedings of the Workshop on Logics of Programs.Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Edmund M. Clarke, Orna Grumberg, and Doron A. Peled. 1999. Model Checking. MIT Press.Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Rocco de Nicola and Frits Vaandrager. 1990. Three Logics for Branching Bisimulation. In Proceedings of the Fifth Annual IEEE Symposium on Logic in Computer Science (LICS).Google ScholarGoogle ScholarCross RefCross Ref
  12. Thomas Dinsdale-Young, Lars Birkedal, Philippa Gardner, Matthew Parkinson, and Hongseok Yang. 2013. Views: Compositional Reasoning for Concurrent Programs. In Proceedings of the 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL).Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Robert Dockins, Adam Foltzer, Joe Hendrix, Brian Huffman, Dylan McNamee, and Aaron Tomb. 2016. Constructing Semantic Models of Programs with the Software Analysis Workbench. In Proceedings of the 8th International Conference on Verified Software. Theories, Tools, and Experiments (VSTTE).Google ScholarGoogle ScholarCross RefCross Ref
  14. Mike Dodds, Xinyu Feng, Matthew Parkinson, and Viktor Vafeiadis. 2009. Deny-Guarantee Reasoning. In 18th European Symposium on Programming (ESOP).Google ScholarGoogle Scholar
  15. Xinyu Feng. 2009. Local Rely-Guarantee Reasoning. In Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL).Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Léon Gondelman, Simon Oddershede Gregersen, Abel Nieto, Amin Timany, and Lars Birkedal. 2021. Distributed Causal Memory: Modular Specification and Verification in Higher-Order Distributed Separation Logic. In Proceedings of the 48th Annual ACM SIGPLAN Symposium on Principles of Programming Languages (POPL).Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Colin S. Gordon, Michael D. Ernst, and Dan Grossman. 2013. Rely-Guarantee References for Refinement Types over Aliased Mutable Data. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI).Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Claudio Jeker. 2008. OpenBSD Network Stack Internals. In Proceedings of AsiaBSDCon.Google ScholarGoogle Scholar
  19. Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming, 28 (2018).Google ScholarGoogle Scholar
  20. Ralf Jung, Rodolphe Lepigre, Gaurav Parthasarathy, Marianna Rapoport, Amin Timany, Derek Dreyer, and Bart Jacobs. 2020. The future is ours: prophecy variables in separation logic. In Proceedings of the 47th Annual ACM SIGPLAN Symposium on Principles of Programming Languages (POPL).Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Joseph Turon, Lars Birkedal, and Derek R Dreyer. 2015. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In Proceedings of the 42nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL).Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia, Lennart Beringer, Wolf Honoré, William Mansky, Benjamin C. Pierce, and Steve Zdancewic. 2019. From C to Interaction Trees: Specifying, Verifying, and Testing a Networked Server. In Proceedings of the 8th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP 2019). Association for Computing Machinery, New York, NY, USA. 234–248. isbn:9781450362221 https://doi.org/10.1145/3293880.3294106 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Siddharth Krishna, Nisarg Patel, Dennis Shasha, and Thomas Wies. 2020. Verifying Concurrent Search Structure Templates. In Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI).Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Xavier Leroy and Sandrine Blazy. 2008. Formal verification of a C-like memory model and its uses for verifying program transformations. Journal of Automated Reasoning, 41, 1 (2008).Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Kenji Maillard, Danel Ahman, Robert Atkey, Guido Martinez, Catalin Hritcu, Exequiel Rivas, and Éric Tanter. 2019. Dijkstra Monads for All. In Proceedings of the 24th ACM SIGPLAN International Conference on Functional Programming (ICFP).Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Gregory Malecha, Adam Chlipala, and Thomas Braibant. 2014. Compositional Computational Reflection. In Proceedings of the 5th International Conference on Interactive Theorem Proving (ITP).Google ScholarGoogle ScholarCross RefCross Ref
  27. Yusuke Matsushita, Takeshi Tsukada, and Naoki Kobayashi. 2020. RustHorn: CHC-based verification for Rust programs. In European Symposium on Programming. 484–514.Google ScholarGoogle ScholarCross RefCross Ref
  28. Robin Milner. 1978. A theory of type polymorphism in programming. Journal of computer and system sciences, 17, 3 (1978), 348–375.Google ScholarGoogle ScholarCross RefCross Ref
  29. Peter Müller, Malte Schwerhoff, and Alexander J. Summers. 2016. Viper: A Verification Infrastructure for Permission-Based Reasoning. In Proceedings of the 17th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI).Google ScholarGoogle Scholar
  30. Matthew J. Parkinson and Alexander J. Summers. 2011. The Relationship between Separation Logic and Implicit Dynamic Frames. In Proceedings of the 20th European Symposium on Programming (ESOP).Google ScholarGoogle Scholar
  31. Redox Developers. [n.d.]. The Redox Operating System. https://doc.redox-os.org/book/ Accessed: Nov 13, 2020.Google ScholarGoogle Scholar
  32. John C Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS).Google ScholarGoogle ScholarCross RefCross Ref
  33. Lucas Silver and Steve Zdancewic. 2021. Dijkstra Monads Forever: Termination-Sensitive Specifications for Interaction Trees. In 48th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL).Google ScholarGoogle Scholar
  34. Jan Smans, Bart Jacobs, and Frank Piessens. 2012. Implicit dynamic frames. ACM Transactions on Programming Languages and Systems, 34, 1 (2012).Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Christoph Sprenger, Tobias Klenze, Marco Eilers, Felix A. Wolf, Peter Müller, Martin Clochard, and David Basin. 2020. Igloo: Soundly Linking Compositional Refinement and Separation Logic for Distributed System Verification. In Proceedings of the 2020 ACM SIGPLAN International Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA).Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Wouter Swierstra. 2008. Datatypes à la Carte. Journal of Functional Programming, 18, 4 (2008).Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Sebastian Ullrich. 2016. Simple Verification of Rust Programs via Functional Purification. Master’s thesis. Karlsruhe Institute of Technology.Google ScholarGoogle Scholar
  38. Viktor Vafeiadis and Matthew Parkinson. 2007. A Marriage of Rely/Guarantee and Separation Logic. In Proceedings of the 18th International Conference on Concurrency Theory (CONCUR).Google ScholarGoogle ScholarCross RefCross Ref
  39. Li-yao Xia, Yannick Zakowski, Paul He, Chung-Kil Hur, Gregory Malecha, Benjamin C. Pierce, and Steve Zdancewic. 2020. Interaction Trees. In Proceedings of the 47th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL).Google ScholarGoogle Scholar

Index Terms

  1. A type system for extracting functional specifications from memory-safe imperative programs

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        • Article Metrics

          • Downloads (Last 12 months)191
          • Downloads (Last 6 weeks)12

          Other Metrics

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!