Abstract
The shell language is widely used for various system administration tasks on UNIX machines, as for instance as part of the installation process of software packages in FOSS distributions. Our mid-term goal is to analyze these scripts as part of an ongoing effort to use formal methods for the quality assurance of software distributions, to prove their correctness, or to pinpoint bugs. However, the syntax and semantics of POSIX shell are particularly treacherous.
We propose a new language called CoLiS which, on the one hand, has well-defined static semantics and avoids some of the pitfalls of the shell, and, on the other hand, is close enough to the shell to be the target of an automated translation of the scripts in our corpus. The language has been designed so that it will be possible to compile automatically a large number of shell scripts into the CoLiS language.
We formally define its syntax and semantics in Why3, define an interpreter for the language in the WhyML programming language, and present an automated proof in the Why3 proof environment of soundness and completeness of our interpreter with respect to the formal semantics.
This work has been partially supported by the ANR project CoLiS, contract number ANR-15-CE25-0001.
Acknowledgements
We would like to thank Mihaela Sighireanu, Ilham Dami, Yann Régis-Gianas, and the other members of the CoLiS project for their contributions and feedback on the design of the CoLiS language.
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Jeannerod, N., Marché, C., Treinen, R. (2017). A Formally Verified Interpreter for a Shell-Like Programming Language. In: Paskevich, A., Wies, T. (eds.) Verified Software. Theories, Tools, and Experiments. VSTTE 2017. Lecture Notes in Computer Science, vol. 10712. Springer, Cham. https://doi.org/10.1007/978-3-319-72308-2_1
DOI: https://doi.org/10.1007/978-3-319-72308-2_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72307-5
Online ISBN: 978-3-319-72308-2