Cartesian hoare logic for verifying k-safety properties

Sousa, Marcelo; Dillig, Işıl

doi:10.1145/2908080.2908092

Cited by 114 publications

(122 citation statements)

References 17 publications

Supporting

Mentioning

119

Contrasting

Unclassified

Order By: Relevance

“…Instead, we make use of the generality of our approach to prove application-specific relational properties (including 4-and 6-ary relations) of higher-order programs with local state. In contrast, most prior relational logics are specialized to proving binary relations, or, at best, properties of n runs of a single first-order program (Sousa and Dillig 2016).…”

Section: Program Optimizations and Refinementmentioning

confidence: 99%

“…While some systems have been designed for the efficient verification of specialized relational properties of programs (notably information-flow type systems, e.g., Sabelfeld and Myers (2003a)), others support larger classes of properties. These include tools based on product program constructions for automatically proving relations between first-order imperative programs (e.g., SymDiff (Lahiri et al 2012) and Descartes (Sousa and Dillig 2016)), as well as relational program logics (Benton 2004) that support interactive verification of relational properties within proof assistants (e.g., EasyCrypt (Barthe et al 2012) and RHTT (Nanevski et al 2013)). …”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A monadic framework for relational verification: applied to information security, program equivalence, and optimizations

Grimm

Maillard

Fournet

et al. 2018

Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs

View full text Add to dashboard Cite

Relational properties describe multiple runs of one or more programs. They characterize many useful notions of security, program refinement, and equivalence for programs with diverse computational effects, and they have received much attention in the recent literature. Rather than developing separate tools for special classes of effects and relational properties, we advocate using a general purpose proof assistant as a unifying framework for the relational verification of effectful programs. The essence of our approach is to model effectful computations using monads and to prove relational properties on their monadic representations, making the most of existing support for reasoning about pure programs.We apply this method in F ⋆ and evaluate it by encoding a variety of relational program analyses, including information flow control, semantic declassification, program equivalence and refinement at higher order, correctness of program optimizations and game-based cryptographic security. By relying on SMT-based automation, unary weakest preconditions, user-defined effects, and monadic reification, we show that, compared to unary properties, verifying relational properties requires little additional effort from the F ⋆ programmer.

show abstract

Section: Program Optimizations and Refinementmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A monadic framework for relational verification: applied to information security, program equivalence, and optimizations

Grimm

Maillard

Fournet

et al. 2018

Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs

View full text Add to dashboard Cite

show abstract

“…Hoare logic [27] is one of the most widely-used logics for proof-based verification of software. Variants of Hoare logic have been proposed for verifying relational, and in particular, k-safety properties [28][29][30]. An advantage of these techniques is that they avoid the state-space explosion problem, because they do not check the whole state space of the program.…”

Section: Case Studymentioning

confidence: 99%

Verifying Weak Probabilistic Noninterference

Noroozi¹,

Karimpour²,

Isazadeh³

et al. 2017

ijacsa

View full text Add to dashboard Cite

Abstract-Weak probabilistic noninterference is a security property for enforcing confidentiality in multi-threaded programs. It aims to guarantee secure flow of information in the program and ensure that sensitive information does not leak to attackers. In this paper, the problem of verifying weak probabilistic noninterference by leveraging formal methods, in particular algorithmic verification, is discussed. Behavior of multi-threaded programs is modeled using probabilistic Kripke structures and formalize weak probabilistic noninterference in terms of these structures. Then, a verification algorithm is proposed to check weak probabilistic noninterference. The algorithm uses an abstraction technique to compute quotient space of the program with respect to an equivalence relation called weak probabilistic bisimulation and does a simple check to decide whether the security property is satisfied or not. The progress made is demonstrated by a real-world case study. It is expected that the proposed approach constitutes a significant step towards more widely applicable secure information flow analysis.

show abstract

“…Representative efforts include those that target general analysis using relational program logics and frameworks [4,5,8,27,31] or specific applications such as security verification [1,7,9], compiler validation [16,32], and differential program analysis [17,19,[21][22][23]. These efforts are supported by tools that range from automatic verifiers to interactive theorem-provers.…”

Section: Introductionmentioning

confidence: 99%

“…In contrast, a parallel composition would provide potential for aligning the loop bodies, where relational invariants may be easier to establish than a functional loop invariant. Examples of techniques that exploit opportunities for such alignment include use of type-based analysis with self-composition [29], allowing flexibility in composition to be a mix of sequential and parallel [6], exploiting structurally equivalent programs for compiler validation [32], lockstep execution of loops in reasoning using Cartesian Hoare Logic [27], and merging Horn clause rules for relational verification [13,24].…”

Section: Introductionmentioning

confidence: 99%

Exploiting Synchrony and Symmetry in Relational Verification

Pick

Fedyukovich

Gupta

2018

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Relational safety specifications describe multiple runs of the same program or relate the behaviors of multiple programs. Approaches to automatic relational verification often compose the programs and analyze the result for safety, but a naively composed program can lead to difficult verification problems. We propose to exploit relational specifications for simplifying the generated verification subtasks. First, we maximize opportunities for synchronizing code fragments. Second, we compute symmetries in the specifications to reveal and avoid redundant subtasks. We have implemented these enhancements in a prototype for verifying k-safety properties on Java programs. Our evaluation confirms that our approach leads to a consistent performance speedup on a range of benchmarks.

show abstract

Cartesian hoare logic for verifying k-safety properties

Cited by 114 publications

References 17 publications

A monadic framework for relational verification: applied to information security, program equivalence, and optimizations

A monadic framework for relational verification: applied to information security, program equivalence, and optimizations

Verifying Weak Probabilistic Noninterference

Exploiting Synchrony and Symmetry in Relational Verification

Contact Info

Product

Resources

About