Verifiable functional purity in java

Matthew Finifter, Adrian Mettler, Naveen Sastry, David Wagner
2008 Proceedings of the 15th ACM conference on Computer and communications security - CCS '08  
Proving that particular methods within a code base are functionally pure-deterministic and side-effect free-would aid verification of security properties including function invertibility, reproducibility of computation, and safety of untrusted code execution. Until now it has not been possible to automatically prove a method is functionally pure within a high-level imperative language in wide use, such as Java. We discuss a technique to prove that methods are functionally pure by writing
more » ... s in a subset of Java called Joe-E; a static verifier ensures that programs fall within the subset. In Joe-E, pure methods can be trivially recognized from their method signature. To demonstrate the practicality of our approach, we refactor an AES library, an experimental voting machine implementation, and an HTML parser to use our techniques. We prove that their top-level methods are verifiably pure and show how this provides high-level security guarantees about these routines. Our approach to verifiable purity is an attractive way to permit functional-style reasoning about security properties while leveraging the familiarity, convenience, and legacy code of imperative languages.
doi:10.1145/1455770.1455793 dblp:conf/ccs/FinifterMSW08 fatcat:jcthk6a4pzgbhats3l6dxga35m