research-article

Enhancing spark's contract checking facilities using symbolic execution

Authors:
Jason Belt

Kansas State University, Manhattan, KS, USA

Kansas State University, Manhattan, KS, USA
View Profile

,
John Hatcliff

Kansas State University, Manhattan, KS, USA

Kansas State University, Manhattan, KS, USA
View Profile

,
Robby

Kansas State University, Manhattan, KS, USA

Kansas State University, Manhattan, KS, USA
View Profile

,
Patrice Chalin

Concordia University, Montreal, PQ, Canada

Concordia University, Montreal, PQ, Canada
View Profile

,
David Hardin

Rockwell Collins Advanced Technology Center, Cedar Rapids, IA, USA

Rockwell Collins Advanced Technology Center, Cedar Rapids, IA, USA
View Profile

,
Xianghua Deng

Google Inc., Mountain View, CA, USA

Google Inc., Mountain View, CA, USA
View Profile

SIGAda '11: Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming languageNovember 2011Pages 47–60https://doi.org/10.1145/2070337.2070357

Published:06 November 2011Publication History

SIGAda '11: Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming language

Pages 47–60

ABSTRACT

Spark, a subset of Ada for engineering safety and security-critical systems, is one of the best commercially available frameworks for formal-methods-supported development of critical software. Spark is designed for verification and includes a software contract language for specifying functional properties of procedures. Even though Spark and its static analysis components are beneficial and easy to use, its contract language is rarely used for stating properties beyond simple constraints on scalar values due to the burdens the associated tool support imposes on developers. Symbolic execution (SymExe) techniques have made significant strides in automating reasoning about deep semantic properties of source code. However, most work on SymExe has focused on bug-finding and test case generation as opposed to tasks that are more verification-oriented such as contract checking. In previous work we have presented: (a) SymExe techniques for checking software contracts in embedded critical systems, and (b) Bakar Kiasan, a tool that implements these techniques in an integrated development environment for Spark. In this paper, we give a detailed walk-through of Bakar Kiasan as it is applied to an industrial code base for an embedded security device. We illustrate how Bakar Kiasan provides significant increases in automation, usability, and functionality over existing Spark contract checking tools, and we present results from performance evaluations of its application to industrial examples.

References

T. Amtoft, J. Hatcliff, E. Rodrıguez, Robby, J. Hoag, and D. Greve. Specification and checking of software contracts for conditional information flow. In 15th International Symposium on Formal Methods (FM), pages 229--245. Springer, 2008. Google ScholarDigital Library
J. Barnes. High Integrity Software -- the SPARK Approach to Safety and Security. Addison-Wesley, 2003. Google ScholarDigital Library
C. Barrett and C. Tinelli. CVC3. In 19th International Conference on Computer Aided Verification (CAV), volume 4590 of Lecture Notes in Computer Science, pages 298--302. Springer, 2007. Google ScholarDigital Library
J. Belt, J. Hatcliff, Robby, P. Chalin, D. Hardin, and X. Deng. Bakar kiasan: Flexible contract checking for critical systems using symbolic execution. In NASA Formal Methods, volume 6617 of Lecture Notes in Computer Science, pages 58--72. Springer, 2011. Google ScholarDigital Library
J. Belt, Robby, and X. Deng. Sireum/Topi LDP: A lightweight semi-decision procedure for optimizing symbolic execution-based analyses. In Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), pages 355--364, 2009. Google ScholarDigital Library
C. Cadar, D. Dunbar, and D. R. Engler. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 209--224. USENIX Association, 2008. Google ScholarDigital Library
B.-Y. E. Chang and K. R. M. Leino. Inferring object invariants: Extended abstract. Electr. Notes Theor. Comput. Sci., 131:63--74, 2005. Google ScholarDigital Library
AdaCore/SofCheck CodePeer tool set. http://www.adacore.com/home/products/codepeer/toolset/.Google Scholar
The Coq proof assistant. http://coq.inria.fr/.Google Scholar
L. M. de Moura and N. Bjørner. Z3: An efficient SMT solver. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 4963 of Lecture Notes in Computer Science, pages 337--340. Springer, 2008. Google ScholarDigital Library
X. Deng, J. Lee, and Robby. Efficient symbolic execution algorithms for programs manipulating dynamic heap objects. Technical Report SAnToS-TR2009-09--25, Kansas State University, September 2009.Google Scholar
X. Deng, R. Walker, and Robby. Program behavioral benchmarks for evaluating path-sensitive bounded verification techniques. Technical Report SAnToS-TR2010-08--20, Kansas State University, 2010.Google Scholar
B. Dutertre and L. de Moura. The Yices SMT solver. Tool paper at http://yices.csl.sri.com/tool-paper.pdf, August 2006.Google Scholar
J. C. Filliâtre and C. Marché. The why/krakatoa/caduceus platform for deductive program verification. In Proceedings of the 19th international conference on Computer aided verification, CAV'07, pages 173--177, Berlin, Heidelberg, 2007. Springer-Verlag. Google ScholarDigital Library
Frama-C website. http://frama-c.com/.Google Scholar
P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation (PLDI), pages 213--223. ACM Press, 2005. Google ScholarDigital Library
W. Grieskamp, N. Tillmann, and W. Schulte. XRT--exploring runtime for .NET: Architecture and applications. Workshop on Software Model Checking, 2005.Google Scholar
S. L. Hantler and J. C. King. An introduction to proving the correctness of programs. ACM Computing Surveys (CSUR), 8(3):331--353, September 1976. Google ScholarDigital Library
The AdaCore Hi-Lite project. http://www.open-do.org/projects/hi-lite/.Google Scholar
D. Jackson. Alloy: a lightweight object modelling notation. ACM Transactions on Software Engineering and Methodology (TOSEM), 11(2):256 -- 290, apr 2002. Google ScholarDigital Library
P. Jackson and G. Passmore. Proving SPARK verification conditions with SMT solvers, 2009. Draft journal article. http://homepages.inf.ed.ac.uk/pbj/papers/vct-dec09-draft.pdf.Google Scholar
S. Khurshid, C. S. P\uas\uareanu, and W. Visser. Generalized symbolic execution for model checking and testing. Tools and Algorithms for Construction and Analysis of Systems (TACAS), pages 553--568, 2003. Google ScholarDigital Library
J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385--394, 1976. Google ScholarDigital Library
D. Kroening and O. Strichman. Decision Procedures -- An Algorithmic Point of View. Springer, 2008. Google ScholarDigital Library
K. R. M. Leino and F. Logozzo. Loop invariants on demand. In K. Yi, editor, APLAS, volume 3780 of Lecture Notes in Computer Science, pages 119--134. Springer, 2005. Google ScholarDigital Library
B. Rossebo, P. Oman, J. Alves-Foss, R. Blue, and P. Jaszkowiak. Using SPARK-Ada to model and verify a MILS message router. In Proceedings of the International Symposium on Secure Software Engineering, 2006.Google Scholar
J. Rushby. The design and verification of secure systems. In 8th ACM Symposium on Operating Systems Principles, volume 15(5), pages 12--21, 1981. Google ScholarDigital Library
K. Sen and G. Agha. CUTE: A concolic unit testing engine for C. In ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE), pages 263--272, 2005. Google ScholarDigital Library
N. Tillmann and J. de Halleux. Pex--white box test generation for .NET. In 2nd International Conference on Tests and Proofs (TAP), volume 4966 of Lecture Notes in Computer Science, pages 134--153. Springer, 2008. Google ScholarDigital Library
Victor website. http://homepages.inf.ed.ac.uk/pbj/spark/victor.html.Google Scholar

Index Terms

Recommendations

Enhancing spark's contract checking facilities using symbolic execution

Spark, a subset of Ada for engineering safety and security-critical systems, is one of the best commercially available frameworks for formal-methods-supported development of critical software. Spark is designed for verification and includes a software ...
Read More
Leading-edge Ada verification technologies: highly automated Ada contract checking using bakar kiasan
HILT '12: Proceedings of the 2012 ACM conference on High integrity language technology

This tutorial presents a new approach to Spark/Ada contract checking using Bakar Kiasan--a highly automated, evidence-based symbolic execution tool. Bakar Kiasan aims to lower the barrier of entry and reduce the burden of engineers as they specify and ...
Read More
Parallel property checking with staged symbolic execution
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

While annotating functional correctness properties of code is useful in many bug finding techniques, efficiently checking properties in practice remains challenging. Symbolic execution is a powerful technique for systematically checking properties; ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGAda '11: Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming language
November 2011
104 pages
ISBN:9781450310284
DOI:10.1145/2070337
Conference Chair:
Ricky E. Sward
The MITRE Corporation
,
Editors:
Michael Feldman
George Washington Univ., retired
,
Dan Eilers
Irvine Compiler Corporation
,
Jean-Pierre Rosen
Adalog
,
Frank Singhoff
European University of Brittany
,
Julien DeLange
European Space Agency
,
Mark Gardinier
Advanced Technologies, Inc.
,
Karl Nyberg
Grebyn Corporation
,
Program Chair:
Jeff Boleng
US Air Force Academy
ACM SIGAda Ada Letters Volume 31, Issue 3
December 2011
81 pages
ISSN:1094-3641
DOI:10.1145/2070336
Issue’s Table of Contents
Copyright © 2011 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 6 November 2011
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
program analysis
spark
symbolic execution
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 243
  Total Downloads
- Downloads (Last 12 months)4
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Enhancing spark's contract checking facilities using symbolic execution

SIGAda '11: Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming language

ABSTRACT

References

Cited By

Index Terms

Recommendations

Enhancing spark's contract checking facilities using symbolic execution

Leading-edge Ada verification technologies: highly automated Ada contract checking using bakar kiasan

Parallel property checking with staged symbolic execution