Securing Software: Languages

Goals

• Type systems
  • Understand what type safety does (and does not) guarantee
  • Assess whether a language is strongly typed
• Verification
  • Explain what it means to verify a program
  • Understand basic techniques for program verification
  • Calculate a weakest precondition
  • Be prepared to verify a program in recitation

Types

• Why do we need types?
• Why are types necessary for compilation?
• What kinds of properties can types provide?
  • Why don’t most type systems support verification?
• What does it mean for a language to be type safe?
• Why is C considered unsafe?
• Give some examples of untyped, weakly-typed, and strongly-typed languages

• What elements do you need to prove that a language is type safe?

• From safety to security
  • How can types be used to encode safety properties?
  • What is non-interference? Why does it match our intuitive notion of secrecy?

Verification

• Why can’t program analysis be sound and complete?
  • How does verification circumvent this result?
• How can you specify that a program is correct?
• What is a valid Hoare triple?
• What is the definition of a weakest precondition?
  • How can we calculate a weakest precondition?
  • How are weakest preconditions used in verification?

• What are some limitations of verification?

• Dafny
  • What kinds of properties is Dafny designed to verify?
  • How do Dafny methods differ from Dafny functions?
  • How does Dafny handle assertions?
  • How does Dafny handle loops?
  • What is framing, and how is it handled in Dafny?