Type-Driven Verification of Non-functional Properties

Brown, Christopher; Barwell, Adam D.; Marquer, Yoann; Minh, C Ta; Zendra, Olivier

doi:10.1145/3354166.3354171

Cited by 4 publications

(7 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead of defining Imp with a specific numeric data type, e.g. the natural numbers, as in [6], we aim to build a framework that allows for generic representations of numeric values. Taking inspiration from Slama and Brady [30], we index expressions and statements with a setoid, (set : Setoid c (≃)) and an algebraic structure, (Struct c set kind), defined on a carrier type, (c : Type).…”

Section: Numeric Valuesmentioning

confidence: 99%

“…We might define an example context for the environment defined in Example 3.7, which has a single numeric variable, x 2 , and three arrays, α 1 1 , α 3 2 , and α 5 2 , in scope. 5,6,7,8,9]. The variable testAValsStructSame provides the proof that the list of arrays, testAVals is a vector of length three, with nested vectors of lengths 1, 3, and 5.…”

Section: Contextsmentioning

confidence: 99%

“…Energy consumption, which is of increasing interest to embedded systems programming [24], has also been represented as a function of program arguments [13,22]. These approaches typically depend upon specific type systems or languages; accordingly, applying them to other languages can prove non-trivial [6]. Abstract interpretation offers an alternative approach to the verification and debugging of programs in languages that may not necessarily be best equipped for the desired techniques [23].…”

Section: Related Workmentioning

confidence: 99%

“…More recently, The Ciao Preprocessor system (CiaoPP) [16,23,29] models Java [14] and XC [1] programs as sequences of Horn Clauses in order to debug and certify programs, using resource usage information that the system derives. A high-level comparison between CiaoPP and Drive is given by Brown et al [6].…”

Section: Related Workmentioning

confidence: 99%

“…Drive [6], is a framework for capturing, and reasoning about, non-functional properties such as Energy, Time and Security (ETS) in C programs. It includes the Contract Specification Language (CSL), an Embedded Domain Specific Language (EDSL) that defines C-statement annotations in order to capture non-functional properties of the statements they annotate, including energy usage, worst-case execution time (WCET), and the degree of vulnerability to side-channel attacks.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

A trustworthy framework for resource-aware embedded programming

Barwell

Brown

2019

Proceedings of the 31st Symposium on Implementation and Application of Functional Languages

Self Cite

View full text Add to dashboard Cite

Systems with non-functional requirements, such as Energy, Time and Security (ETS), are of increasing importance due to the proliferation of embedded devices with limited resources such as drones, wireless sensors, and tablet computers. Currently, however, there are little to no programmer supported methodologies or frameworks to allow them to reason about ETS properties in their source code. Drive is one such existing framework supporting the developer by lifting non-functional properties to the source-level through the Contract Specification Language (CSL), allowing non-functional properties to be first-class citizens, and supporting programmerwritten code-level contracts to guarantee the non-functional specifications of the program are met. In this paper, we extend the Drive system by providing rigorous implementations of the underlying proof-engine, modeling the specification of the annotations and assertions from CSL for a representative subset of C, called Imp. We define both an improved abstract interpretation that automatically derives proofs of assertions, and define inference algorithms for the derivation of both abstract interpretations and the context over which the interpretation is indexed. We use the dependentlytyped programming language, Idris, to give a formal definition, and implementation, of our abstract interpretation. Finally, we show our well-formed abstract interpretation over some representative exemplars demonstrating provable assertions of ETS.

show abstract

Section: Numeric Valuesmentioning

confidence: 99%

Section: Contextsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A trustworthy framework for resource-aware embedded programming

Barwell

Brown

2019

Proceedings of the 31st Symposium on Implementation and Application of Functional Languages

Self Cite

View full text Add to dashboard Cite

show abstract

Semi-automatic ladderisation: improving code security through rewriting and dependent types

Brown

Barwell

Marquer

et al. 2022

Proceedings of the 2022 ACM SIGPLAN International Workshop on Partial Evaluation and Program Manipulation

Self Cite

View full text Add to dashboard Cite

Cyber attacks become more and more prevalent every day. One type of cyber attack is known as a side channel attack, where attackers exploit information leakage from the physical execution of a program, e.g. timing or power leakage, to uncover secret information, such as encryption keys or other sensitive data. There have been various attempts at addressing the problem of preventing side-channel attacks, often relying on various measures to decrease the discernibility of several code variants or code paths. Most techniques require a high-degree of expertise by the developer, who often employs ad hoc, hand-crafted code-patching in an attempt to make it more secure. In this paper, we take a different approach: building on the idea of ladderisation, inspired by Montgomery Ladders. We present a semi-automatic toolsupported technique, aimed at the non-specialised developer, which refactors (a class of) C programs into functionally (and even algorithmically) equivalent counterparts with improved security properties. Our approach provides refactorings that transform the source code into its ladderised equivalent, driven by an underlying verified rewrite system, based on dependent types. Our rewrite system automatically finds rewritings of selected C expressions, facilitating the production of their equivalent ladderised counterparts for a subset of C. We demonstrate our approach on a number of representative examples from the cryptographic domain, showing increased security.

show abstract

2023 Design, Automation & Test in Europe Conference & Exhibition (DATE)

2023

View full text Add to dashboard Cite

Non-functional properties, such as energy, time, and security (ETS) are becoming increasingly important for the programming of Cyber-Physical Systems (CPS). This paper describes TeamPlay, a research project funded under the EU Horizon 2020 programme between January 2018 and June 2021. TeamPlay aimed to provide the system designer with a toolchain for developing embedded applications where ETS properties are first-class citizens, allowing the developer to reflect directly on energy, time and security properties at the source code level. In this paper we give an overview of the TeamPlay methodology, introduce the challenges and solutions of our approach and summarise the results achieved. Overall, applying our TeamPlay methodology led to an improvement of up to 18% performance and 52% energy usage over traditional approaches.

show abstract

Type-Driven Verification of Non-functional Properties

Cited by 4 publications

References 50 publications

A trustworthy framework for resource-aware embedded programming

A trustworthy framework for resource-aware embedded programming

Semi-automatic ladderisation: improving code security through rewriting and dependent types

2023 Design, Automation & Test in Europe Conference & Exhibition (DATE)

Contact Info

Product

Resources

About