research-article

Type-Driven Verification of Non-functional Properties

Authors:
Christopher Brown

University of St Andrews, Scotland, UK

University of St Andrews, Scotland, UK
View Profile

,
Adam D. Barwell

University of St Andrews, Scotland, UK

University of St Andrews, Scotland, UK
View Profile

,
Yoann Marquer

Inria, Univ Rennes, CNRS, IRISA, France

Inria, Univ Rennes, CNRS, IRISA, France
View Profile

,
Céline Minh

Inria, Univ Rennes, CNRS, IRISA, France

Inria, Univ Rennes, CNRS, IRISA, France
View Profile

,
Olivier Zendra

Inria, Univ Rennes, CNRS, IRISA, France

Inria, Univ Rennes, CNRS, IRISA, France
View Profile

PPDP '19: Proceedings of the 21st International Symposium on Principles and Practice of Declarative ProgrammingOctober 2019Article No.: 6Pages 1–15https://doi.org/10.1145/3354166.3354171

Published:07 October 2019Publication History

PPDP '19: Proceedings of the 21st International Symposium on Principles and Practice of Declarative Programming

Pages 1–15

ABSTRACT

Energy, Time and Security (ETS) properties of programs are becoming increasingly prioritised by developers, especially where applications are running on ETS sensitive systems, such as embedded devices or the Internet of Things. Moreover, developers currently lack tools and language properties to allow them to reason about ETS. In this paper, we introduce a new contract specification framework, called Drive, which allows a developer to reason about ETS or other non-functional properties of their programs as first-class properties of the language. Furthermore, we introduce a contract specification language, allowing developers to reason about these first-class ETS properties by expressing contracts that are proved correct by an underlying formal type system. Finally, we show our contract framework over a number of representable examples, demonstrating provable worst-case ETS properties.

References

Xc specification ver. 1.0 (x5965a) (2011), https://www.xmos.com/developer/xc-specificationGoogle Scholar
Albert, E., Arenas, P., Puebla, G., Hermenegildo, M.V.: Certificate size reduction in abstraction-carrying code. TPLP 12(3), 283--318 (2012)Google ScholarDigital Library
Andrei, A., Eles, P., Jovanovic, O., Schmitz, M.T., Ogniewski, J., Peng, Z.: Quasi-static voltage scaling for energy minimization with time constraints. IEEE Trans. VLSI Syst. 19(1), 10--23 (2011)Google ScholarDigital Library
Bell, D.E., La Padula, L.J.: Secure computer system: Unified exposition and multics interpretation. In: Tech report ESD-TR-75-306. pp. 1--133. Mitre Corp, Bedford, Ma. (1976)Google Scholar
Brady, E.C.: Idris --: Systems programming meets full dependent types. In: Proceedings of the 5th ACM Workshop on Programming Languages Meets Program Verification. pp. 43--54. PLPV '11, ACM, New York, NY, USA (2011). https://doi.org/10.1145/1929529.1929536, http://doi.acm.org/10.1145/1929529.1929536Google ScholarDigital Library
Chen, H., Tiu, A., Xu, Z., Liu, Y.: A permission-dependent type system for secure information flow analysis. In: CSF. pp. 218--232. IEEE Computer Society (2018)Google Scholar
Chin, W., Khoo, S.: Calculating sized types. Higher-Order and Symbolic Computation 14(2-3), 261--300 (2001). https://doi.org/10.1023/A:1012996816178, https://doi.org/10.1023/A:1012996816178Google ScholarDigital Library
Çiçek, E., Garg, D., Acar, U.A.: Refinement types for incremental computational complexity. In: Programming Languages and Systems - 24th European Symposium on Programming, ESOP 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015. Proceedings. pp. 406--431 (2015). https://doi.org/10.1007/978-3-662-46669-8_17, https://doi.org/10.1007/978-3-662-46669-8_17Google Scholar
Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: 1987 IEEE Symposium on Security and Privacy. pp. 184--184 (April 1987). https://doi.org/10.1109/SP.1987.10001Google ScholarCross Ref
Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Conference Record of the Fourth ACM Symposium on Principles of Programming Languages, Los Angeles, California, USA, January 1977. pp. 238--252 (1977). https://doi.org/10.1145/512950.512973, https://doi.org/10.1145/512950.512973Google ScholarDigital Library
David, H., Gorbatov, E., Hanebutte, U.R., Khanna, R., Le, C.: Rapl: Memory power estimation and capping. In: Proceedings of the 16th ACM/IEEE International Symposium on Low Power Electronics and Design. pp. 189--194. ISLPED '10, ACM, New York, NY, USA (2010). https://doi.org/10.1145/1840845.1840883, http://doi.acm.org/10.1145/1840845.1840883Google ScholarDigital Library
Di Pirro, M., Conti, M., Lazzeretti, R.: Ensuring information security by using haskell's advanced type system. In: 2017 International Carnahan Conference on Security Technology (ICCST). pp. 1--6 (Oct 2017). https://doi.org/10.1109/CCST.2017.8167844Google ScholarCross Ref
Falk, H., Lokuciejewski, P.: A compiler framework for the reduction of worst-case execution times. Real-Time Systems 46(2), 251--300 (Oct 2010). https://doi.org/10.1007/s11241-010-9101-x, https://doi.org/10.1007/s11241-010-9101-xGoogle ScholarDigital Library
Falk, H., Lokuciejewski, P.: A compiler framework for the reduction of worst-case execution times. Real-Time Systems 46(2), 251--300 (2010)Google ScholarDigital Library
Focardi, R., Martinelli, F.: A uniform approach for the definition of security properties. In: Wing, J.M., Woodcock, J., Davies, J. (eds.) FM'99 -- Formal Methods. pp. 794--813. Springer Berlin Heidelberg, Berlin, Heidelberg(1999)Google Scholar
Georgiou, K., Kerrison, S., Chamski, Z., Eder, K.: Energy transparency for deeply embedded programs. TACO 14(1), 8:1--8.26 (2017)Google ScholarDigital Library
Goguen, J.A., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symposium on Security and Privacy. pp. 11--11 (April 1982). https://doi.org/10.1109/SP.1982.10014Google ScholarCross Ref
Gosling, J., Joy, B., Steele, G.L., Bracha, G., Buckley, A.: The Java Language Specification, Java SE 8 Edition. Addison-Wesley Professional, 1st edn. (2014)Google Scholar
Gulwani, S., Mehra, K.K., Chilimbi, T.M.: SPEED: precise and efficient static estimation of program computational complexity. In: Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2009, Savannah, GA, USA, January 21-23, 2009. pp. 127--139 (2009). https://doi.org/10.1145/1480881.1480898, https://doi.org/10.1145/1480881.1480898Google ScholarDigital Library
Hermenegildo, M.V., Puebla, G., Bueno, F., López-García, P.: Integrated program debugging, verification, and optimization using abstract interpretation (and the ciao system preprocessor). Sci. Comput. Program. 58(1-2), 115--140 (2005). https://doi.org/10.1016/j.scico.2005.02.006, https://doi.org/10.1016/j.scico.2005.02.006Google ScholarDigital Library
Hoffmann, J., Aehlig, K., Hofmann, M.: Multivariate amortized resource analysis. ACM Trans. Program. Lang. Syst. 34(3), 14:1--14.62 (2012). https://doi.org/10.1145/2362389.2362393, https://doi.org/10.1145/2362389.2362393Google ScholarDigital Library
Hughes, J., Pareto, L.: Recursion and dynamic data-structures in bounded space: Towards embedded ML programming. In: Proceedings of the fourth ACM SIGPLAN International Conference on Functional Programming (ICFP '99), Paris, France, September 27-29, 1999. pp. 70--81 (1999). https://doi.org/10.1145/317636.317785, https://doi.org/10.1145/317636.317785Google ScholarDigital Library
Hutton, G.: Programming in Haskell. Cambridge University Press, New York, NY, USA (2007)Google Scholar
Joye, M., Yen, S.M.: The montgomery powering ladder. In: Kaliski, B.S., Koç, ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2002. pp. 291--302. Springer Berlin Heidelberg, Berlin, Heidelberg (2003)Google Scholar
Kästner, D., Pister, M., Wegener, S., Ferdinand, C.: TimeWeaver: A Tool for Hybrid Worst-Case Execution Time Analysis. In: Altmeyer, S. (ed.) 19th International Workshop on Worst-Case Execution Time Analysis (WCET 2019). OpenAccess Series in Informatics (OASIcs), vol. 72, pp. 1:1--1.11. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany (2019). https://doi.org/10.4230/OASIcs.WCET.2019.1, http://drops.dagstuhl.de/opus/volltexte/2019/10766Google Scholar
Kerrison, S., Eder, K.: Energy modeling of software for a hardware multithreaded embedded microprocessor. ACM Trans. Embedded Comput. Syst. 14(3), 56:1--56:25 (2015)Google ScholarDigital Library
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) Advances in Cryptology -- CRYPTO' 99. pp. 388--397. Springer Berlin Heidelberg, Berlin, Heidelberg (1999)Google Scholar
Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Koblitz, N. (ed.) Advances in Cryptology -- CRYPTO '96. pp. 104--113. Springer Berlin Heidelberg, Berlin, Heidelberg (1996)Google Scholar
Kumar, R., Rensink, A., Stoelinga, M.: Locks: A property specification language for security goals. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing. pp. 1907--1915. SAC '18, ACM, New York, NY, USA (2018). https://doi.org/10.1145/3167132.3167336, http://doi.acm.org/10.1145/3167132.3167336Google ScholarDigital Library
Lago, U.D., Petit, B.: The geometry of types. In: The 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '13, Rome, Italy - January 23-25, 2013. pp. 167--178 (2013). https://doi.org/10.1145/2429069.2429090, https://doi.org/10.1145/2429069.2429090Google ScholarDigital Library
Li, Y.S., Malik, S.: Performance analysis of embedded software using implicit path enumeration. IEEE Trans. on CAD of Integrated Circuits and Systems 16(12), 1477--1487 (1997)Google ScholarDigital Library
Liqat, U., Kerrison, S., Serrano, A., Georgiou, K., López-García, P., Grech, N., Hermenegildo, M.V., Eder, K.: Energy consumption analysis of programs based on XMOS isa-level models. In: LOPSTR. Lecture Notes in Computer Science, vol. 8901, pp. 72--90. Springer (2013)Google Scholar
López-García, P., Darmawan, L., Klemen, M., Liqat, U., Bueno, F., Hermenegildo, M.V.: Interval-based resource usage verification by translation into horn clauses and an application to energy consumption. TPLP 18(2), 167--223 (2018). https://doi.org/10.1017/S1471068418000042, https://doi.org/10.1017/S1471068418000042Google ScholarCross Ref
Morse, J., Kerrison, S., Eder, K.: On the limitations of analysing worst-case dynamic energy of processing. ACM Transactions on Embedded Computing Systems 17(3) (2 2018). https://doi.org/10.1145/3173042Google ScholarDigital Library
Necula, G.C.: Proof-carrying code. In: Conference Record of POPL'97: The 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Papers Presented at the Symposium, Paris, France, 15-17 January 1997. pp. 106--119 (1997). https://doi.org/10.1145/263699.263712, https://doi.org/10.1145/263699.263712Google ScholarDigital Library
Núñez-Yáñez, J.L., Lore, G.: Enabling accurate modeling of power and energy consumption in an arm-based system-on-chip. Microprocessors and Microsystems-Embedded Hardware Design 37(3), 319--332 (2013)Google ScholarCross Ref
Pallister, J., Hollis, S.J., Bennett, J.: BEEBS: open benchmarks for energy measurements on embedded platforms. CoRR abs/1308.5174 (2013), http://arxiv.org/abs/1308.5174Google Scholar
Reparaz, O., Balasch, J., Verbauwhede, I.: Dude, is my code constant time? In: Design, Automation Test in Europe Conference Exhibition (DATE), 2017. pp. 1697--1702 (March 2017). https://doi.org/10.23919/DATE.2017.7927267Google ScholarCross Ref
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120--126 (1978)Google ScholarDigital Library
Ryan, P.Y.: Mathematical models of computer security. In: International School on Foundations of Security Analysis and Design. pp. 1--62. Springer (2000)Google Scholar
Serrano, A., López-García, P., Hermenegildo, M.V.: Resource usage analysis of logic programs via abstract interpretation using sized types. TPLP 14(4-5), 739--754 (2014). https://doi.org/10.1017/S147106841400057X, https://doi.org/10.1017/S147106841400057XGoogle ScholarCross Ref
Shao, Y.S., Brooks, D.M.: Energy characterization and instruction-level energy model of intel's xeon phi processor. In: ISLPED. pp. 389--394. IEEE (2013)Google Scholar
Slama, F.: Automatic generation of proof terms in dependently typed programming languages. Ph.D. thesis, University of St Andrews (2018)Google Scholar
Slama, F., Brady, E.: Automatically proving equivalence by type-safe reflection. In: Intelligent Computer Mathematics - 10th International Conference, CICM 2017, Edinburgh, UK, July 17-21, 2017, Proceedings. pp. 40--55 (2017). https://doi.org/10.1007/978-3-319-62075-6_4, https://doi.org/10.1007/978-3-319-62075-6_4Google Scholar
Swamy, N., Corcoran, B.J., Hicks, M.: Fable: A language for enforcing user-defined security policies. In: 2008 IEEE Symposium on Security and Privacy (sp 2008). pp. 369--383 (May 2008). https://doi.org/10.1109/SP.2008.29Google ScholarDigital Library
Tiwari, V., Malik, S., Wolfe, A.: Power analysis of embedded software: a first step towards software power minimization. IEEE Trans. VLSI Syst. 2(4), 437--445 (1994)Google ScholarDigital Library
Vasconcelos, P.B., Hammond, K.: Inferring cost equations for recursive, polymorphic and higher-order functional programs. In: Implementation of Functional Languages, 15th International Workshop, IFL 2003, Edinburgh, UK, September 8-11, 2003, Revised Papers. pp. 86--101 (2003). https://doi.org/10.1007/978-3-540-27861-0_6, https://doi.org/10.1007/978-3-540-27861-0_6Google Scholar
Volpano, D.M., Irvine, C.E., Smith, G.: A sound type system for secure flow analysis. Journal of Computer Security 4(2/3), 167--188 (1996)Google ScholarCross Ref
Wilhelm, R., Engblom, J., Ermedahl, A., Holsti, N., Thesing, S., Whalley, D., Bernat, G., Ferdinand, C., Heckmann, R., Mitra, T., Mueller, F., Puaut, I., Puschner, P., Staschulat, J., Stenström, P.: The worst-case execution-time problem--overview of methods and survey of tools. ACM Trans. Embed. Comput. Syst. 7(3), 36:1--36:53 (May 2008). https://doi.org/10.1145/1347375.1347389, http://doi.acm.org/10.1145/1347375.1347389Google ScholarDigital Library
Wilhelm, R., Engblom, J., Ermedahl, A., Holsti, N., Thesing, S., Whalley, D., Bernat, G., Ferdinand, C., Heckmann, R., Mitra, T., Mueller, F., Puaut, I., Puschner, P., Staschulat, J., Stenström, P.: The Worst-case Execution-time Problem--Overview of Methods and Survey of Tools. ACM Trans. Embed. Comput. Syst. 7(3), 36:1--36:53 (May 2008). https://doi.org/10.1145/1347375.1347389, http://doi.acm.org/10.1145/1347375.1347389Google ScholarDigital Library
Xian, C., Lu, Y., Li, Z.: Energy-aware scheduling for real-time multiprocessor systems with uncertain task execution time. In: DAC. pp. 664--669. IEEE (2007)Google Scholar
Ziade, H., Ayoubi, R., Velazco, R.: A survey on fault injection techniques. International Arab Journal of Information Technology Vol. 1, No. 2, July, 171--186 (2004), https://hal.archives-ouvertes.fr/hal-00105562Google Scholar

Index Terms

Type-Driven Verification of Non-functional Properties
1. Security and privacy
  1. Software and application security
    1. Software security engineering
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software notations and tools
    1. General programming languages
      1. Language types
        Imperative languages
    2. Software maintenance tools

Recommendations

A trustworthy framework for resource-aware embedded programming
IFL '19: Proceedings of the 31st Symposium on Implementation and Application of Functional Languages

Systems with non-functional requirements, such as Energy, Time and Security (ETS), are of increasing importance due to the proliferation of embedded devices with limited resources such as drones, wireless sensors, and tablet computers. Currently, ...
Read More
Pycket: a tracing JIT for a functional language
ICFP '15

We present Pycket, a high-performance tracing JIT compiler for Racket. Pycket supports a wide variety of the sophisticated features in Racket such as contracts, continuations, classes, structures, dynamic binding, and more. On average, over a standard ...
Read More
Pycket: a tracing JIT for a functional language
ICFP 2015: Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming

We present Pycket, a high-performance tracing JIT compiler for Racket. Pycket supports a wide variety of the sophisticated features in Racket such as contracts, continuations, classes, structures, dynamic binding, and more. On average, over a standard ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PPDP '19: Proceedings of the 21st International Symposium on Principles and Practice of Declarative Programming
October 2019
280 pages
ISBN:9781450372497
DOI:10.1145/3354166
Program Chair:
Ekaterina Komendantskaya
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 October 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
C
IDRIS
contracts
energy
non-functional properties
proofs
security
time
verification
Qualifiers
- research-article
- Research
- Refereed limited
Conference

Acceptance Rates
PPDP '19 Paper Acceptance Rate19of45submissions,42%Overall Acceptance Rate230of486submissions,47%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 2
  Total Citations
  View Citations
- 128
  Total Downloads
- Downloads (Last 12 months)15
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Type-Driven Verification of Non-functional Properties

PPDP '19: Proceedings of the 21st International Symposium on Principles and Practice of Declarative Programming

ABSTRACT

References

Cited By

Index Terms

Recommendations

A trustworthy framework for resource-aware embedded programming

Pycket: a tracing JIT for a functional language

Pycket: a tracing JIT for a functional language

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Type-Driven Verification of Non-functional Properties

PPDP '19: Proceedings of the 21st International Symposium on Principles and Practice of Declarative Programming

ABSTRACT

References

Cited By

Index Terms

Recommendations

A trustworthy framework for resource-aware embedded programming

Pycket: a tracing JIT for a functional language

Pycket: a tracing JIT for a functional language

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media