Modular Verification of Procedure Equivalence in the Presence of Memory Allocation

For most high-level languages, two procedures are equivalent if they map any pair of isomorphic stores to isomorphic stores. Tools for modular checking of such equivalence, however, impose a stronger check in which isomorphism is strengthened to equality of stores, so they are unable to prove many interesting program pairs involving recursion and dynamic memory allocation. In this work we present RIE, a methodology for modularly establishing equivalence of procedures in the presence of memory allocation, cyclic data structures and recursion. Our technique addresses the need to find witnesses to isomorphism by means of angelic allocation, supports reasoning about equivalent procedure calls when the stores are only locally isomorphic, and supports reasoning about changes in the order of procedure calls. We have implemented RIE by encoding it in the Boogie program verifier. We describe the encoding and prove its soundness.
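The gap between store equality and store isomorphism that the abstract describes can be seen on a toy heap model. The following is an added example, not code from the RIE paper or its Boogie encoding: the `Store` class, the two `build_ring_*` procedures and the `isomorphism_witness` traversal are all constructed for this illustration. Two procedures build the same cyclic list but allocate its nodes in opposite order, so the resulting stores are not equal (addresses differ) yet are isomorphic on the part reachable from the returned pointer. Where RIE lets the verifier pick allocation addresses angelically so that a witness exists, here the witness bijection is computed explicitly by walking both heaps in lockstep from the two return values; unreachable garbage is ignored, which is the "locally isomorphic" case.

```python
"""Store equality vs. store isomorphism on a toy heap (constructed example)."""
from typing import Any, Dict, List, Optional, Tuple

Addr = int
NULL: Addr = 0
# Fields holding pointers; every other field is compared by value. (Assumption
# of this toy model: real verifiers know the types of each field.)
PTR_FIELDS = frozenset({"next"})


class Store:
    """Heap as address -> record. Addresses come from a simple bump allocator,
    so the order of allocations determines which address each node gets."""

    def __init__(self, base: Addr = 0x1000, step: int = 0x10) -> None:
        self.heap: Dict[Addr, Dict[str, Any]] = {}
        self._next, self._step = base, step

    def alloc(self, **fields: Any) -> Addr:
        a, self._next = self._next, self._next + self._step
        self.heap[a] = dict(fields)
        return a

    def write(self, a: Addr, field: str, value: Any) -> None:
        self.heap[a][field] = value


def build_ring_forward(s: Store, n: int) -> Addr:
    """Allocate n nodes 0..n-1 in order and link them into a cycle."""
    nodes = [s.alloc(val=i, next=NULL) for i in range(n)]
    for i, a in enumerate(nodes):
        s.write(a, "next", nodes[(i + 1) % n])
    return nodes[0]


def build_ring_backward(s: Store, n: int) -> Addr:
    """Same ring, but nodes are allocated from n-1 down to 0: the resulting
    store is isomorphic to build_ring_forward's, never equal to it."""
    nodes: List[Addr] = [NULL] * n
    for i in reversed(range(n)):
        nodes[i] = s.alloc(val=i, next=NULL)
    for i, a in enumerate(nodes):
        s.write(a, "next", nodes[(i + 1) % n])
    return nodes[0]


def reachable(s: Store, root: Addr) -> Dict[Addr, Dict[str, Any]]:
    """Sub-heap reachable from root through pointer fields (handles cycles)."""
    seen: Dict[Addr, Dict[str, Any]] = {}
    stack = [root]
    while stack:
        a = stack.pop()
        if a == NULL or a in seen:
            continue
        seen[a] = s.heap[a]
        stack.extend(v for f, v in s.heap[a].items() if f in PTR_FIELDS)
    return seen


def stores_equal(s1: Store, r1: Addr, s2: Store, r2: Addr) -> bool:
    """The strong check: reachable stores must agree address for address."""
    return reachable(s1, r1) == reachable(s2, r2)


def isomorphism_witness(s1: Store, r1: Addr, s2: Store, r2: Addr) -> Optional[Dict[Addr, Addr]]:
    """Parallel traversal that builds a bijection between reachable addresses.
    Returns the witness (addr in s1 -> addr in s2) or None if the reachable
    sub-heaps are not isomorphic (shape, field sets or data values differ)."""
    fwd: Dict[Addr, Addr] = {}
    bwd: Dict[Addr, Addr] = {}
    work: List[Tuple[Addr, Addr]] = [(r1, r2)]
    while work:
        a, b = work.pop()
        if a == NULL or b == NULL:          # null must correspond to null
            if a != b:
                return None
            continue
        if a in fwd or b in bwd:            # already paired: must be consistent
            if fwd.get(a) != b or bwd.get(b) != a:
                return None
            continue
        if a not in s1.heap or b not in s2.heap:   # dangling pointer
            return None
        ra, rb = s1.heap[a], s2.heap[b]
        if ra.keys() != rb.keys():
            return None
        fwd[a], bwd[b] = b, a
        for f in ra:
            if f in PTR_FIELDS:
                work.append((ra[f], rb[f]))
            elif ra[f] != rb[f]:            # plain data must match exactly
                return None
    return fwd


if __name__ == "__main__":
    s1, s2 = Store(), Store()
    r1, r2 = build_ring_forward(s1, 4), build_ring_backward(s2, 4)
    print("equal stores:     ", stores_equal(s1, r1, s2, r2))
    print("isomorphism witness:", {hex(k): hex(v) for k, v in (isomorphism_witness(s1, r1, s2, r2) or {}).items()})
```

Run stand-alone, the script reports that the two rings are not equal as stores but that a witness bijection pairing each forward node with the backward node holding the same value exists. Because the witness is built only from what is reachable from the two roots, allocating an extra unreachable node in one store leaves the result unchanged, which is the locally-isomorphic situation the abstract refers to; changing the length of one ring or the value in one node makes the traversal fail and return no witness.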
