An abstract interpretation-based model for safety semantics

In this paper, we describe safety semantics as an abstract interpretation of a trace-based operational semantics of a transition system. Intuitively, a property is a safety property if ‘nothing bad will happen’. Formally, a property is a safety property if it is maximal with respect to a given set of allowed partial executions. We show that this can be specified in Cousot's standard framework of abstract interpretation. In particular, we show that this semantics can be derived as the fixpoint of a semantic operator. This construction provides a formal characterization of the constructive nature of safety properties, which can be enforced by means of execution monitors. Using the same construction, we show that while safety without stuttering preserves the constructive nature, safety properties allowing cancellation of states lose the constructive characterization. Finally, we characterize safety properties as the closed elements of a closure operator, and we show that in the abstract interpretation framework safety and liveness properties lose their complementary nature.
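The following Python program is an added illustration of the abstract's three claims and is not code from the paper: it models a property as a set of finite traces over a constructed state alphabet with a bounded horizon (standing in for the paper's infinite traces), defines the prefix-closure whose closed elements are the safety properties, derives the same safety property as the least fixpoint of a one-step semantic operator, and runs an execution monitor that truncates a run at the first disallowed prefix. The state labels `a`, `b`, `crash`, `done`, the horizon `MAX_LEN`, and the two sample properties are assumptions made for the demonstration.

```python
"""Safety as a prefix-closure over a bounded universe of finite traces.

Added illustration, not the paper's code: the states, horizon and the
two example properties below are constructed for the demonstration."""
from itertools import product

STATES = ("a", "b", "crash", "done")   # constructed state labels
MAX_LEN = 3                            # finite horizon standing in for infinite traces


def universe(states=STATES, max_len=MAX_LEN):
    """All finite traces over `states` up to length `max_len`."""
    return {t for n in range(max_len + 1) for t in product(states, repeat=n)}


def prefixes(trace):
    """Every finite prefix of a trace, the empty trace included."""
    return {trace[:i] for i in range(len(trace) + 1)}


def allowed_partial_executions(prop):
    """The partial executions a property permits: the prefixes of its members."""
    return set().union(*(prefixes(t) for t in prop))


def safety_closure(prop, U):
    """cl(P): traces in U whose every prefix is an allowed partial execution of P.
    Safety properties are exactly the closed elements, i.e. cl(P) == P."""
    allowed = allowed_partial_executions(prop)
    return {t for t in U if prefixes(t) <= allowed}


def is_safety(prop, U):
    return safety_closure(prop, U) == prop


def closure_laws_hold(props, U):
    """Extensive, idempotent and monotone: the defining laws of an upper closure."""
    for P in props:
        cP = safety_closure(P, U)
        if not (P <= cP and safety_closure(cP, U) == cP):
            return False
        for Q in props:
            if P <= Q and not cP <= safety_closure(Q, U):
                return False
    return True


def lfp_safety(allowed, states=STATES, max_len=MAX_LEN):
    """Constructive view: least fixpoint of
    F(X) = {()} U {t+(s,) : t in X, allowed(t+(s,))}
    iterated from the empty set. Traces are extended one state at a time and
    only the steps the allowed-prefix predicate admits are kept."""
    X = set()
    while True:
        nxt = {()} | {t + (s,) for t in X for s in states
                      if len(t) < max_len and allowed(t + (s,))}
        if nxt == X:
            return X
        X = nxt


def monitor(stream, allowed):
    """Execution monitor enforcing the safety property given by `allowed`:
    emit states while the prefix stays allowed, truncate at the first violation."""
    out = ()
    for s in stream:
        if not allowed(out + (s,)):
            break
        out += (s,)
    return out


def no_crash(prefix):
    """Allowed-prefix predicate of the constructed property 'never reach crash'."""
    return "crash" not in prefix


if __name__ == "__main__":
    U = universe()
    never_crash = {t for t in U if no_crash(t)}           # a safety property
    eventually_done = {t for t in U if "done" in t}       # a liveness-style property
    print("never_crash is safety:", is_safety(never_crash, U))          # True
    print("eventually_done is safety:", is_safety(eventually_done, U))  # False
    print("lfp equals closure:", lfp_safety(no_crash) == never_crash)   # True
    print("monitor output:", monitor(("a", "b", "crash", "done"), no_crash))  # ('a', 'b')
```

Two points the code makes concrete. First, "never reach `crash`" is closed under the prefix-closure and is also reached as the fixpoint of the one-step operator, so it has the constructive, monitor-enforceable character the abstract describes; "eventually reach `done`" is not closed, because a prefix that has not yet reached `done` can still be extended into the property, so the monitor has nothing to truncate. Second, the closure laws are checked directly on sample properties rather than assumed, which is the check a practitioner wants before calling something a closure operator.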
