research-article

Enhancing spark's contract checking facilities using symbolic execution

Authors:

Patrice Chalin,

Xianghua DengAuthors Info & Claims

SIGAda '11: Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming language

Pages 47 - 60

https://doi.org/10.1145/2070337.2070357

Published: 06 November 2011 Publication History

Abstract

Spark, a subset of Ada for engineering safety and security-critical systems, is one of the best commercially available frameworks for formal-methods-supported development of critical software. Spark is designed for verification and includes a software contract language for specifying functional properties of procedures. Even though Spark and its static analysis components are beneficial and easy to use, its contract language is rarely used for stating properties beyond simple constraints on scalar values due to the burdens the associated tool support imposes on developers. Symbolic execution (SymExe) techniques have made significant strides in automating reasoning about deep semantic properties of source code. However, most work on SymExe has focused on bug-finding and test case generation as opposed to tasks that are more verification-oriented such as contract checking. In previous work we have presented: (a) SymExe techniques for checking software contracts in embedded critical systems, and (b) Bakar Kiasan, a tool that implements these techniques in an integrated development environment for Spark. In this paper, we give a detailed walk-through of Bakar Kiasan as it is applied to an industrial code base for an embedded security device. We illustrate how Bakar Kiasan provides significant increases in automation, usability, and functionality over existing Spark contract checking tools, and we present results from performance evaluations of its application to industrial examples.

References

[1]

T. Amtoft, J. Hatcliff, E. Rodrıguez, Robby, J. Hoag, and D. Greve. Specification and checking of software contracts for conditional information flow. In 15th International Symposium on Formal Methods (FM), pages 229--245. Springer, 2008.

Digital Library

[2]

J. Barnes. High Integrity Software -- the SPARK Approach to Safety and Security. Addison-Wesley, 2003.

Digital Library

[3]

C. Barrett and C. Tinelli. CVC3. In 19th International Conference on Computer Aided Verification (CAV), volume 4590 of Lecture Notes in Computer Science, pages 298--302. Springer, 2007.

Digital Library

[4]

J. Belt, J. Hatcliff, Robby, P. Chalin, D. Hardin, and X. Deng. Bakar kiasan: Flexible contract checking for critical systems using symbolic execution. In NASA Formal Methods, volume 6617 of Lecture Notes in Computer Science, pages 58--72. Springer, 2011.

Digital Library

[5]

J. Belt, Robby, and X. Deng. Sireum/Topi LDP: A lightweight semi-decision procedure for optimizing symbolic execution-based analyses. In Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), pages 355--364, 2009.

Digital Library

[6]

C. Cadar, D. Dunbar, and D. R. Engler. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 209--224. USENIX Association, 2008.

Digital Library

[7]

B.-Y. E. Chang and K. R. M. Leino. Inferring object invariants: Extended abstract. Electr. Notes Theor. Comput. Sci., 131:63--74, 2005.

Digital Library

[8]

AdaCore/SofCheck CodePeer tool set. http://www.adacore.com/home/products/codepeer/toolset/.

[9]

The Coq proof assistant. http://coq.inria.fr/.

[10]

L. M. de Moura and N. Bjørner. Z3: An efficient SMT solver. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 4963 of Lecture Notes in Computer Science, pages 337--340. Springer, 2008.

Digital Library

[11]

X. Deng, J. Lee, and Robby. Efficient symbolic execution algorithms for programs manipulating dynamic heap objects. Technical Report SAnToS-TR2009-09--25, Kansas State University, September 2009.

[12]

X. Deng, R. Walker, and Robby. Program behavioral benchmarks for evaluating path-sensitive bounded verification techniques. Technical Report SAnToS-TR2010-08--20, Kansas State University, 2010.

[13]

B. Dutertre and L. de Moura. The Yices SMT solver. Tool paper at http://yices.csl.sri.com/tool-paper.pdf, August 2006.

[14]

J. C. Filliâtre and C. Marché. The why/krakatoa/caduceus platform for deductive program verification. In Proceedings of the 19th international conference on Computer aided verification, CAV'07, pages 173--177, Berlin, Heidelberg, 2007. Springer-Verlag.

Digital Library

[15]

Frama-C website. http://frama-c.com/.

[16]

P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation (PLDI), pages 213--223. ACM Press, 2005.

Digital Library

[17]

W. Grieskamp, N. Tillmann, and W. Schulte. XRT--exploring runtime for .NET: Architecture and applications. Workshop on Software Model Checking, 2005.

[18]

S. L. Hantler and J. C. King. An introduction to proving the correctness of programs. ACM Computing Surveys (CSUR), 8(3):331--353, September 1976.

Digital Library

[19]

The AdaCore Hi-Lite project. http://www.open-do.org/projects/hi-lite/.

[20]

D. Jackson. Alloy: a lightweight object modelling notation. ACM Transactions on Software Engineering and Methodology (TOSEM), 11(2):256 -- 290, apr 2002.

Digital Library

[21]

P. Jackson and G. Passmore. Proving SPARK verification conditions with SMT solvers, 2009. Draft journal article. http://homepages.inf.ed.ac.uk/pbj/papers/vct-dec09-draft.pdf.

[22]

S. Khurshid, C. S. P\uas\uareanu, and W. Visser. Generalized symbolic execution for model checking and testing. Tools and Algorithms for Construction and Analysis of Systems (TACAS), pages 553--568, 2003.

Digital Library

[23]

J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385--394, 1976.

Digital Library

[24]

D. Kroening and O. Strichman. Decision Procedures -- An Algorithmic Point of View. Springer, 2008.

Digital Library

[25]

K. R. M. Leino and F. Logozzo. Loop invariants on demand. In K. Yi, editor, APLAS, volume 3780 of Lecture Notes in Computer Science, pages 119--134. Springer, 2005.

Digital Library

[26]

B. Rossebo, P. Oman, J. Alves-Foss, R. Blue, and P. Jaszkowiak. Using SPARK-Ada to model and verify a MILS message router. In Proceedings of the International Symposium on Secure Software Engineering, 2006.

[27]

J. Rushby. The design and verification of secure systems. In 8th ACM Symposium on Operating Systems Principles, volume 15(5), pages 12--21, 1981.

Digital Library

[28]

K. Sen and G. Agha. CUTE: A concolic unit testing engine for C. In ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE), pages 263--272, 2005.

Digital Library

[29]

N. Tillmann and J. de Halleux. Pex--white box test generation for .NET. In 2nd International Conference on Tests and Proofs (TAP), volume 4966 of Lecture Notes in Computer Science, pages 134--153. Springer, 2008.

Digital Library

[30]

Victor website. http://homepages.inf.ed.ac.uk/pbj/spark/victor.html.

Cited By

Hentschel MBubel RHähnle R(2018)The Symbolic Execution Debugger (SED): a platform for interactive symbolic execution, debugging, verification and moreInternational Journal on Software Tools for Technology Transfer10.1007/s10009-018-0490-9Online publication date: 3-Mar-2018
https://doi.org/10.1007/s10009-018-0490-9

Index Terms

Recommendations

Enhancing spark's contract checking facilities using symbolic execution

Spark, a subset of Ada for engineering safety and security-critical systems, is one of the best commercially available frameworks for formal-methods-supported development of critical software. Spark is designed for verification and includes a software ...
Leading-edge Ada verification technologies: highly automated Ada contract checking using bakar kiasan
HILT '12: Proceedings of the 2012 ACM conference on High integrity language technology

This tutorial presents a new approach to Spark/Ada contract checking using Bakar Kiasan--a highly automated, evidence-based symbolic execution tool. Bakar Kiasan aims to lower the barrier of entry and reduce the burden of engineers as they specify and ...
Parallel property checking with staged symbolic execution
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

While annotating functional correctness properties of code is useful in many bug finding techniques, efficiently checking properties in practice remains challenging. Symbolic execution is a powerful technique for systematically checking properties; ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGAda '11: Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming language

November 2011

104 pages

ISBN:9781450310284

DOI:10.1145/2070337

Conference Chair:
Ricky E. Sward
The MITRE Corporation
,
Editors:
Michael Feldman
George Washington Univ., retired
,
Dan Eilers
Irvine Compiler Corporation
,
Jean-Pierre Rosen
Adalog
,
Frank Singhoff
European University of Brittany
,
Julien DeLange
European Space Agency
,
Mark Gardinier
Advanced Technologies, Inc.
,
Karl Nyberg
Grebyn Corporation
,
Program Chair:
Jeff Boleng
US Air Force Academy

ACM SIGAda Ada Letters Volume 31, Issue 3
December 2011
81 pages
ISSN:1094-3641
DOI:10.1145/2070336
Issue’s Table of Contents

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAda: ACM Special Interest Group on Ada Programming Language

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGAda '11

Sponsor:

SIGAda

SIGAda '11: ACM SIGAda Annual International Conference

November 6 - 10, 2011

Colorado, Denver, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
244
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hentschel MBubel RHähnle R(2018)The Symbolic Execution Debugger (SED): a platform for interactive symbolic execution, debugging, verification and moreInternational Journal on Software Tools for Technology Transfer10.1007/s10009-018-0490-9Online publication date: 3-Mar-2018
https://doi.org/10.1007/s10009-018-0490-9

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents