Advancing Practical Specification Techniques for Modern Software Systems

University of Central Florida, STARS Electronic Theses and Dissertations, 2004-2019 (2018)
Advancing Practical Specification Techniques for Modern Software Systems
John Singleton, University of Central Florida
Part of the Computer Sciences Commons
Doctoral Dissertation (Open Access)

STARS Citation
Singleton, John, "Advancing Practical Specification Techniques for Modern Software Systems" (2018). Electronic Theses and Dissertations, 2004-2019. 5794. https://stars.library.ucf.edu/etd/5794

ADVANCING PRACTICAL SPECIFICATION TECHNIQUES FOR MODERN SOFTWARE SYSTEMS

by
JOHN L. SINGLETON
B.S. University of Central Florida, 2014
M.S. University of Central Florida, 2016

A dissertation submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy in the Department of Computer Science in the College of Engineering and Computer Science at the University of Central Florida

Orlando, Florida
Spring Term 2018
Major Professor: Gary T. Leavens

© 2018 John L. Singleton

ABSTRACT

The pervasive nature of software (and the tendency for it to contain errors) has long been a concern of theoretical computer scientists. Many investigators have endeavored to produce theories, tools, and techniques for verifying the behavior of software systems. One of the most promising lines of research is that of formal specification, which is a subset of the larger field of formal methods. In formal specification, one composes a precise mathematical description of a software system and uses tools and techniques to ensure that the software that has been written conforms to this specification. Examples of such systems are Z notation, the Java Modeling Language, and many others. However, a fundamental problem that plagues this line of research is that the specifications themselves are often costly to produce and difficult to reuse. If the field of formal specification is to advance, we must develop sound techniques for reducing the cost of producing and reusing software specifications.

The work presented in this dissertation lays out a path to producing sophisticated, automated tools for inferring large, complex code bases, tools for allowing engineers to share and reuse specifications, and specification languages for specifying information flow policies that can be written separately from program code. This dissertation introduces three main lines of research. First, I discuss a system that facilitates the authoring, sharing, and reuse of software specifications. Next, I discuss a technique which aims to reduce the cost of producing specifications by automatically inferring them. Finally, I discuss a specification language called Evidently which aims to make information flow security policies easier to write, maintain, and enforce by untangling them from the code to which they are applied.

TABLE OF CONTENTS

LIST OF FIGURES  x
LIST OF TABLES  xiii

CHAPTER 1: INTRODUCTION  1
    Terms and Concepts  2
    Summary of Content and Contributions  4

CHAPTER 2: A LAYERED APPROACH TO SPECIFICATION AUTHORING, SHARING, AND USAGE  6
    Motivation for Specification Reuse Tooling  6
    Problems in Specification Reuse  9
    Purity  10
    Specifications are Specialized to Analysis Domains  11
    Changes Invisible at the Language Level Can Cause Incompatible Specifications  13
    Subverting Security Specifications  14
    Overview of Spekl's Features  15
    Verification Tool Installation and Usage  15
    Specification Consumption  18
    Specification Layering and Authoring  18
    Verification Tool Management  20
    Creating New Tools  20
    The Spekl Package Format  21
    Package Metadata  21
    Expressing Package Dependencies  22
    Package Assets  23
    Establishing Environmental Assumptions  23
    Specifying Installation Commands  24
    The Check Definition Language  26
    The defcheck Form  28
    Publishing Tools to the Spekl Repository  29
    Installing Tools from the Spekl Repository  31
    Consuming Specifications  32
    The Spekl Specification Project Format  32
    Package Metadata  32
    Specification and Tool Configuration  33
    Running Verification Tools  35
    Specification Authoring Features  36
    Creating New Specifications  36
    Layering Specifications  37
    How Spekl Manages Hierarchies  38
    Related Work  41

CHAPTER 3: TRANSMUTING PREDICATE TRANSFORMER RESULTS TO INFER CONCISE SPECIFICATIONS  43
    Defining the Specification Inference Problem  43
    Problems with Specifications Inferred with SP  47
    Our Approach  50
    The FAR Algorithm  52
    Abstract Specifications  53
    Connection with SP  56
    Description of FAR  59
    Base Analysis Types  63
    Soundness of ∼  63
    Soundness of FAR  64

CHAPTER 4: A TECHNICAL EVALUATION OF FAR AND STRONGARM  69
    Evaluation Methodology  70
    Verification of Inferred Specifications  71
    Threats to Validity  72
    Limitations  73
    Effectiveness of Inference  73
    Efficiency of Reduction  76
    Complexity of Inferred Specifications  78
    Performance of Inference  78
    Performance of FAR  79
    A Study of the Inferred Specifications  82
    Related Work  85

CHAPTER 5: A POLICY SPECIFICATION LANGUAGE FOR CONDITIONAL GRADUAL RELEASE  87
    Introduction  87
    Comparison of Evidently with Existing Approaches  89
    Comparison with Aspect-Oriented Programming  91
    Background on Information Flow Policies  92
    Declassification  94
    Motivating Examples  98
    A Newspaper Changes its Subscription Model  98
    A Growing Ecommerce Site  99
    Modeling Programs for Use in Security Policies  100
    Running Example: Decryption Key Release  101
    Models  101
    Flowpoints  102
    Flowpoint Predicates and Predicate Operators  103
    Properties  105
    Property Projections  106
    Property Specifications  107
    Levels  108
    Policies  110
    Template Parameters  112
    The Root Policy  114
    Defining the Default Security Lattice  115
    Implementation  116
    Motivating Examples Revisited  118
    A Newspaper Changes its Subscription Model  118
    A Growing Ecommerce Site  121
    Related Work  122

CHAPTER 6: CONCLUSIONS  124

LIST OF REFERENCES  126

LIST OF FIGURES

2.1  (a) An example of an adapter that adapts the type of audio format produced by an audio capture library. (b) An example of attempting to adapt a pure method specification in an implementation that violates the purity.  9
2.2  A simple program and specification.  12
2.3  The updated specification of Figure 2.2. Note that the preconditions have been strengthened and the bounds on a and b have been tightened.  12
2.4  The updated specification of Figure 2.2. Note that the preconditions have been strengthened and the bounds on a and b have been tightened.  13
2.5  An overview of the.

Details

  • File Type: pdf
  • Content Languages: English
  • File Pages: 155
