Abstract
This paper presents design goals, development approaches, and applications for Slang – a subset of the Scala programming language designed for engineering high assurance safety/security-critical systems. Rationale is given for specializing Scala for Slang so as to retain Scala’s synergistic blend of imperative, functional, and object-oriented features while omitting and tailoring features that make formal verification and other analyses difficult. Strategies for enhancing the usability of Slang are discussed including integration with the broader Scala/JVM ecosystem, compilers, and development environments. A number of accompanying Slang tools are described including Slang scripting, meta-programming support, and translators to Javascript and native code that enable support for a wide range of deployment platforms. To support deployment on constrained embedded platforms, the Slang Embedded subset and an accompanying C translator generate efficient implementations that avoid garbage-collection and other aspects that hinder deployment and safety/security assurances. We conclude with a discussion of how our experiences with Slang may provide suggestions for the future of programming and programming language design for engineering critical systems.
Work supported in part by the US Defense Advanced Research Projects Agency, US Air Force Research Lab, US Army, and US Department of Homeland Security.
Notes
1. This does not preclude graph algorithms from being written in Slang; in fact, the Slang runtime library provides a graph library (used in [33]), including cycle detection (graphs are realized using indexed node pools with pairs of indices as edges).
2. Memory footprint optimizations in the Scala compiler plugin for Slang include flattening None into null and Some to its contained value internally for object fields, but optional values are used for field accesses.
3. A runtime contract checker (similar to [36]) can be developed in the future for testing purposes (or for contract enforcement with various mitigation options).
4. Aside from extensions in the Slang runtime library for file access (and spawning processes, OS detection, etc.), which are available on JVM and native targets.
5. We initially planned to offer C compilation with garbage collection, but GraalVM or Scala Native can be used instead. We may reconsider such an approach in the future.
References
Amtoft, T., et al.: A certificate infrastructure for machine-checked proofs of conditional information flow. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol. 7215, pp. 369–389. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28641-4_20
Amtoft, T., Hatcliff, J., Rodríguez, E., Robby, Hoag, J., Greve, D.A.: Specification and checking of software contracts for conditional information flow. In: Hardin, D.S. (ed.) Design and Verification of Microprocessor Systems for High-Assurance Applications, pp. 341–379. Springer, Cham (2010)
Backes, J., et al.: Semantic-based automated reasoning for AWS access policies using SMT. In: Formal Methods in Computer Aided Design (FMCAD), pp. 1–9 (2018)
Banerjee, A., Danvy, O., Doh, K., Hatcliff, J. (eds.): Semantics, Abstract Interpretation, and Reasoning about Programs: Essays Dedicated to David A. Schmidt [on occasion of his 60th birthday], EPTCS, vol. 129. OPA, September 2013
Barnett, M., Leino, K.R.M., Schulte, W.: The Spec# programming system: an overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 49–69. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30569-9_3
Barrett, C., et al.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_14
Belt, J., Hatcliff, J., Robby, Chalin, P., Hardin, D., Deng, X.: Bakar Kiasan: flexible contract checking for critical systems using symbolic execution. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NASA Formal Methods. NFM 2011. LNCS, vol. 6617, pp. 58–72. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20398-5_6
Belt, J., Robby, Deng, X.: Sireum/Topi LDP: a lightweight semi-decision procedure for optimizing symbolic execution-based analyses. In: 7th joint European Software Engineering Conference and ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE), pp. 355–364 (2009)
Blanc, R., Kuncak, V., Kneuss, E., Suter, P.: An overview of the Leon verification system: verification by translation to recursive functions. In: 4th Workshop on Scala, pp. 1:1–1:10 (2013)
Cao, Q., Beringer, L., Gruetter, S., Dodds, J., Appel, A.W.: VST-Floyd: a separation logic tool to verify correctness of C programs. J. Autom. Reason. 61(1–4), 367–422 (2018)
Chalin, P., Robby, James, P.R., Lee, J., Karabotsos, G.: Towards an industrial grade IVE for Java and next generation research platform for JML. Int. J. Softw. Tools Technol. Transf. (STTT) 12(6), 429–446 (2010)
Clarke, D., Östlund, J., Sergey, I., Wrigstad, T.: Ownership types: a survey. In: Clarke, D., Noble, J., Wrigstad, T. (eds.) Aliasing in Object-Oriented Programming. Types, Analysis and Verification. LNCS, vol. 7850, pp. 15–58. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36946-9_3
Corbett, J.C., et al.: Bandera: extracting finite-state models from Java source code. In: 22nd International Conference on Software Engineering (ICSE), pp. 439–448 (2000)
Corbett, J.C., Dwyer, M.B., Hatcliff, J., Robby: Expressing checkable properties of dynamic systems: the Bandera Specification Language. Int. J. Softw. Tools Technol. Transf. (STTT) 4(1), 34–56 (2002)
Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 233–247. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33826-7_16
Deng, X., Dwyer, M.B., Hatcliff, J., Jung, G., Robby, Singh, G.: Model-checking middleware-based event-driven real-time embedded software. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.P. (eds.) 1st International Symposium Formal Methods for Components and Objects (FMCO). LNCS, vol. 2852, pp. 154–181. Springer, Heidelberg (2002)
Deng, X., Lee, J., Robby: Efficient and formal generalized symbolic execution. Autom. Softw. Eng. (ASE) 19(3), 233–301 (2012)
Hatcliff, J., Belt, J., Robby, Carpenter, T.: HAMR: an AADL multi-platform code generation toolset. In: Margaria, T., Steffen, B. (eds.) ISoLA 2021. LNCS, vol. 13036, pp. 274–295. Springer, Cham (2021)
Hatcliff, J., Dwyer, M.B., Pasareanu, C.S., Robby: Foundations of the Bandera abstraction tools. In: Mogensen, T.E., Schmidt, D.A., Sudborough, I.H. (eds.) The Essence of Computation. LNCS, vol. 2566, pp. 172–203. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36377-7_9
Hatcliff, J., Robby, Chalin, P., Belt, J.: Explicating symbolic execution (xSymExe): an evidence-based verification framework. In: 35th International Conference on Software Engineering (ICSE), pp. 222–231 (2013)
SAE International: SAE AS5506 Rev. C Architecture Analysis and Design Language (AADL). SAE International (2017)
Klein, G., et al.: seL4: formal verification of an OS kernel. In: 22nd ACM Symposium on Operating Systems Principles (SOSP), pp. 207–220 (2009)
Leavens, G.T., Baker, A.L., Ruby, C.: JML: a notation for detailed design. In: Kilov, H., Rumpe, B., Simmonds, I. (eds.) Behavioral Specifications of Businesses and Systems. The Springer International Series in Engineering and Computer Science, vol. 523. Springer, Boston (1999). https://doi.org/10.1007/978-1-4615-5229-1_12
Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR 2010. LNCS (LNAI), vol. 6355, pp. 348–370. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17511-4_20
Leroy, X., Blazy, S., Kästner, D., Schommer, B., Pister, M., Ferdinand, C.: CompCert: a formally verified optimizing compiler. In: Embedded Real Time Software and Systems (ERTS) (2016)
de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24
de Moura, L., Kong, S., Avigad, J., van Doorn, F., von Raumer, J.: The Lean theorem prover (system description). In: Felty, A.P., Middeldorp, A. (eds.) CADE 2015. LNCS (LNAI), vol. 9195, pp. 378–388. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21401-6_26
Naumann, D.A.: Observational purity and encapsulation. Theor. Comput. Sci. (TCS) 376(3), 205–224 (2007)
Robby, Chalin, P.: Preliminary design of a unified JML representation and software infrastructure. In: 11th Formal Techniques for Java-like Programs (FTfJP), pp. 5:1–5:7 (2009)
Robby, Dwyer, M.B., Hatcliff, J.: Bogor: an extensible and highly-modular software model checking framework. In: 11th ACM SIGSOFT Symposium on Foundations of Software Engineering held Jointly with 9th European Software Engineering Conference (ESEC/FSE), pp. 267–276 (2003)
Rodríguez, E., Dwyer, M., Flanagan, C., Hatcliff, J., Leavens, G.T., Robby: Extending JML for modular specification and verification of multi-threaded programs. In: Black, A.P. (ed.) ECOOP 2005 - Object-Oriented Programming. ECOOP 2005. LNCS, vol. 3586, pp. 551–576. Springer, Heidelberg (2005). https://doi.org/10.1007/11531142_24
Thiagarajan, H., Hatcliff, J., Belt, J., Robby: Bakar Alir: supporting developers in construction of information flow contracts in SPARK. In: 12th Source Code Analysis and Manipulation (SCAM), pp. 132–137 (2012)
Thiagarajan, H., Hatcliff, J., Robby: Awas: AADL information flow and error propagation analysis framework. Innovations Syst. Softw. Eng. (ISSE) (2021). https://doi.org/10.1007/s11334-021-00410-w
Wei, F., Roy, S., Ou, X., Robby: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of Android apps. ACM Trans. Priv. Secur. (TOPS) 21(3), 14:1–14:32 (2018)
Wilding, M.M., Greve, D.A., Richards, R.J., Hardin, D.S.: Formal verification of partition management for the AAMP7G microprocessor. In: Hardin, D. (ed.) Design and Verification of Microprocessor Systems for High-Assurance Applications. Springer, Boston (2010). https://doi.org/10.1007/978-1-4419-1539-9_6
Yi, J., Robby, Deng, X., Roychoudhury, A.: Past expression: encapsulating pre-states at post-conditions by means of AOP. In: Aspect-Oriented Software Development (AOSD), pp. 133–144 (2013)
Zhang, Z., Robby, Hatcliff, J., Moy, Y., Courtieu, P.: Focused certification of an industrial compilation and static verification toolchain. In: Cimatti, A., Sirjani, M. (eds.) Software Engineering and Formal Methods. SEFM 2017. LNCS, vol. 10469, pp. 17–34. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66197-1_2
Project Loom. https://openjdk.java.net/projects/loom
Sireum Logika: A program verifier and a natural deduction proof checker for propositional, predicate, and programming logics. http://logika.v3.sireum.org
Slang: The Sireum Programming Language. http://slang.sireum.org
© 2021 Springer Nature Switzerland AG
Cite this paper
Robby, Hatcliff, J. (2021). Slang: The Sireum Programming Language. In: Margaria, T., Steffen, B. (eds.) Leveraging Applications of Formal Methods, Verification and Validation. ISoLA 2021. Lecture Notes in Computer Science, vol. 13036. Springer, Cham. https://doi.org/10.1007/978-3-030-89159-6_17
DOI: https://doi.org/10.1007/978-3-030-89159-6_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89158-9
Online ISBN: 978-3-030-89159-6