iProve: A scalable technique for consumer-verifiable software guarantees

Formally proving complex program properties is still considered impractical for systems with over a million lines of code. We present iProve, an approach that enables guaranteeing useful properties in large Java systems. Desired properties are proven in iProve as a combination of two proofs: one of a complex property applied to a small piece of code—a nucleus—using existing theorem provers, and a proof of a simple property applied to the rest of the code—the program body—using iProve. We show how iProve can be used to guarantee properties such as communication security, deadlock immunity, data privacy, and resource usage bounds in Java programs with millions of lines of code. iProve scales well, requires no access to source code, and allows nuclei to be reused with an unlimited number of systems and to be written in verification-friendly languages.
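To make the nucleus / program-body split concrete, here is an added illustration (not code from the paper or from iProve itself) written in Python rather than Java for brevity. It assumes one of the properties the abstract names, deadlock immunity, and assumes a particular way of splitting it: the nucleus is a small lock manager that is the only place where locks are acquired and always takes them in a global total order (the complex property, the kind a theorem prover would check on a few dozen lines), while the property on the body is merely "the body never calls the raw lock primitives" (a simple syntactic check over the rest of the program). The body check here is a constructed AST scan; the two body snippets are constructed samples.

```python
"""Illustration of a nucleus (complex property, small code) plus a simple
property on the program body.  Constructed example, not iProve's code; the
chosen property (lock ordering for deadlock immunity) and the body check
(no direct acquire/release outside the nucleus) are assumptions."""
import ast
import threading


# --- Nucleus: the small piece where the hard property lives ---------------
# Property: every multi-lock acquisition follows one global total order, so
# no circular wait between threads can form (classic deadlock-freedom argument).
class LockNucleus:
    def __init__(self):
        self._order = {}            # id(lock) -> rank in the global order
        self._next = 0
        self._reg = threading.Lock()

    def register(self, lock):
        """Assign a fixed rank to a lock the first time it is seen."""
        with self._reg:
            if id(lock) not in self._order:
                self._order[id(lock)] = self._next
                self._next += 1
        return lock

    def acquire_all(self, locks):
        """Acquire the given locks in rank order; returns them in that order."""
        ordered = sorted(locks, key=lambda l: self._order[id(l)])
        for l in ordered:
            l.acquire()
        return ordered

    def release_all(self, held):
        """Release in reverse acquisition order."""
        for l in reversed(held):
            l.release()


# --- Body check: the simple property on the rest of the program -----------
# The body may only touch locks through the nucleus, so any direct call to
# acquire()/release() in body source is a violation.
FORBIDDEN = {"acquire", "release"}


def body_uses_only_nucleus(source: str) -> list:
    """Return sorted (line, method) pairs for each direct lock primitive call."""
    violations = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if node.func.attr in FORBIDDEN:
                violations.append((node.lineno, node.func.attr))
    return sorted(violations)


# Constructed body samples: one routed through the nucleus, one that bypasses it.
GOOD_BODY = '''
def transfer(nucleus, a, b):
    held = nucleus.acquire_all([a.lock, b.lock])
    try:
        a.balance -= 1
        b.balance += 1
    finally:
        nucleus.release_all(held)
'''

BAD_BODY = '''
def transfer(a, b):
    a.lock.acquire()
    b.lock.acquire()
    a.balance -= 1
    b.balance += 1
    b.lock.release()
    a.lock.release()
'''


def demo_no_deadlock(rounds: int = 2000) -> bool:
    """Two threads request the same two locks in opposite order; because the
    nucleus reorders every request, both threads finish (no deadlock)."""
    nucleus = LockNucleus()
    a = nucleus.register(threading.Lock())
    b = nucleus.register(threading.Lock())
    finished = []

    def worker(order):
        for _ in range(rounds):
            held = nucleus.acquire_all(order)
            nucleus.release_all(held)
        finished.append(True)

    t1 = threading.Thread(target=worker, args=([a, b],))
    t2 = threading.Thread(target=worker, args=([b, a],))
    t1.start(); t2.start()
    t1.join(timeout=10); t2.join(timeout=10)
    return len(finished) == 2


if __name__ == "__main__":
    print("good body violations:", body_uses_only_nucleus(GOOD_BODY))
    print("bad body violations:", body_uses_only_nucleus(BAD_BODY))
    print("opposite-order threads both finished:", demo_no_deadlock())
```

The point of the split is visible in the two checks: the reasoning that needs a prover (why rank-ordered acquisition rules out circular wait) is confined to `LockNucleus`, which can be reused unchanged across programs, while the check over the large body is a cheap, local scan that needs no understanding of the program's logic and, in the bytecode setting the abstract describes, no source code.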
