Robust Safety for Move

10/11/2021
by Marco Patrignani, et al.

A program that maintains key safety properties even when interacting with arbitrary untrusted code is said to enjoy robust safety. Proving that a program written in a mainstream language is robustly safe is typically challenging because it requires static verification tools that work precisely even in the presence of language features like dynamic dispatch and shared mutability. The emerging programming language Move was designed to support strong encapsulation and static verification in the service of secure smart contract programming. However, the language design has not been analyzed using a theoretical framework like robust safety. In this paper, we define robust safety for the Move language and introduce a generic framework for static tools that wish to enforce it. Our framework consists of two abstract components: a program verifier that can prove an invariant holds in a closed-world setting (e.g., the Move Prover), and a novel encapsulator that checks whether the verifier's result generalizes to an open-world setting. We formalise an escape analysis as an instantiation of the encapsulator and prove that it attains the required security properties. Finally, we implement our encapsulator as an extension to the Move Prover and use the combination to analyze a representative benchmark set of real-world programs. This toolchain certifies >99% of the modules we analyze, validating that automatic enforcement of strong security properties like robust safety is practical for Move.
