Relational Symbolic Execution

Symbolic execution is a classical program analysis technique used to show that programs satisfy or violate given specifications. In this work we generalize symbolic execution to support program analysis for relational specifications in the form of relational properties: properties about two runs of two programs on related inputs, or about two executions of a single program on related inputs. Relational properties are useful to formalize notions in security and privacy, and to reason about program optimizations. We design a relational symbolic execution engine, named RelSym, which supports interactive refutation as well as proving of relational properties for programs written in a language with arrays and for-like loops.
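To make the two-run idea concrete, the following added example (written here, not RelSym's own code) symbolically executes a tiny imperative language twice with per-run input symbols and searches for a pair of paths where the public inputs agree but a public output differs, i.e. a refutation of noninterference. It assumes a toy language of assignments and `if`, and replaces the SMT solver with bounded enumeration over a small integer domain, so an empty search is only a bounded result, not a proof.

```python
import itertools
# Expressions: int | ('var', name) | ('sym', symbol) | ('not', e) | (op, l, r).
# Statements: ('assign', name, expr) | ('if', cond, then_stmts, else_stmts).
OPS = {'+': lambda a, b: a + b, '-': lambda a, b: a - b,
       '<': lambda a, b: int(a < b), '==': lambda a, b: int(a == b)}

def subst(e, state):
    """Replace program variables in e by their current symbolic values."""
    if isinstance(e, int) or e[0] == 'sym': return e
    if e[0] == 'var': return state[e[1]]
    if e[0] == 'not': return ('not', subst(e[1], state))
    return (e[0], subst(e[1], state), subst(e[2], state))

def evaluate(e, model):
    """Evaluate a symbolic expression under a concrete assignment to symbols."""
    if isinstance(e, int): return e
    if e[0] == 'sym': return model[e[1]]
    if e[0] == 'not': return int(not evaluate(e[1], model))
    return OPS[e[0]](evaluate(e[1], model), evaluate(e[2], model))

def run_sym(stmts, state, pc):
    """Symbolically execute stmts; return every (path condition, final state)."""
    if not stmts: return [(pc, state)]
    s, rest = stmts[0], stmts[1:]
    if s[0] == 'assign':
        return run_sym(rest, {**state, s[1]: subst(s[2], state)}, pc)
    cond = subst(s[1], state)                       # 'if': fork on the guard
    return (run_sym(s[2] + rest, state, pc + [cond]) +
            run_sym(s[3] + rest, state, pc + [('not', cond)]))

def find_counterexample(prog, low, high, domain):
    """Find two runs that agree on low inputs but differ on a low output.
    Enumeration over `domain` stands in for SMT: None is bounded, not a proof."""
    syms = [f'{v}_{k}' for k in (1, 2) for v in low + high]   # per-run symbols
    paths = [run_sym(prog, {v: ('sym', f'{v}_{k}') for v in low + high}, [])
             for k in (1, 2)]
    for vals in itertools.product(domain, repeat=len(syms)):
        m = dict(zip(syms, vals))
        if any(m[f'{v}_1'] != m[f'{v}_2'] for v in low):
            continue                                # relational precondition
        for (pc1, s1), (pc2, s2) in itertools.product(*paths):
            if all(evaluate(c, m) for c in pc1 + pc2) and any(
                    evaluate(s1[v], m) != evaluate(s2[v], m) for v in low):
                return m                            # refutation witness
    return None

# Constructed programs: `l` is public (low), `h` is secret (high).
LEAKY = [('if', ('<', ('var', 'h'), 5), [('assign', 'l', 1)], [('assign', 'l', 0)])]
SAFE = [('assign', 'l', ('+', ('var', 'l'), 1)), ('assign', 'h', ('+', ('var', 'h'), ('var', 'l')))]
```

`find_counterexample(LEAKY, ['l'], ['h'], range(8))` returns a witness with equal `l` inputs and `h` values on opposite sides of the branch, while `SAFE` yields `None` over the same domain.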
