Beyond 2-Safety: Asymmetric Product Programs for Relational Program Verification

Relational Hoare Logic is a generalization of Hoare logic that allows reasoning about executions of two programs, or two executions of the same program. It can be used to verify that a program is robust or (information flow) secure, and that two programs are observationally equivalent. Product programs provide a means to reduce verification of relational judgments to the verification of a (standard) Hoare judgment, and open the possibility of applying standard verification tools to relational properties. However, previous notions of product programs are defined for deterministic and structured programs. Moreover, these notions are symmetric, and cannot be applied to properties such as refinement, which are asymmetric and involve universal quantification on the traces of the first program and existential quantification on the traces of the second program.
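The distinction the abstract draws, between a symmetric product (both traces universally quantified, as in noninterference) and an asymmetric one (universal over the first program's traces, existential over the second's, as in refinement), can be made concrete by brute force on finite toy programs. This is an added illustration, not code from the paper; the programs (`leaky`, `safe`, `spec`, `impl_good`, `impl_bad`), the state ranges and the parity relation are all constructed for the example.

```python
from itertools import product

# Constructed toy programs, each modelled as: input state -> set of possible output states.
def leaky(low, high):
    return {(low + high) % 4}            # output depends on the secret input

def safe(low, high):
    return {(low * 2) % 4}               # output depends only on the public input

def spec(parity):                        # abstract spec: must flip the parity bit
    return {1 - parity}

def impl_good(n):                        # every possible successor flips parity
    return {n + 1, n + 3}

def impl_bad(n):                         # n + 2 keeps parity: not a refinement of spec
    return {n + 1, n + 2}

LOW, HIGH, CONC = range(4), range(4), range(8)   # small finite state spaces (constructed)

def noninterferent(prog):
    """Symmetric product (2-safety): run two copies with equal low inputs and
    arbitrary high inputs. Both traces are universally quantified and the
    Hoare-style postcondition is 'the low outputs agree'."""
    return all(o1 == o2
               for low, h1, h2 in product(LOW, HIGH, HIGH)
               for o1, o2 in product(prog(low, h1), prog(low, h2)))

def refines(impl, abstract, related, abstraction):
    """Asymmetric product: for EVERY step of impl there must EXIST a step of the
    abstract program whose result is related to impl's result. The quantifier
    alternation is what a symmetric, 2-safety product cannot express."""
    return all(any(related(n_out, p_out) for p_out in abstract(abstraction(n)))
               for n in CONC
               for n_out in impl(n))

def parity_rel(n, p):                    # constructed coupling relation between states
    return n % 2 == p

def to_parity(n):                        # abstraction from concrete to abstract state
    return n % 2
```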
