Hyper Hoare Logic: (Dis-)Proving Program Hyperproperties (extended version)

Dardinier, Thibault; Müller, Peter

doi:10.48550/arxiv.2301.10037

Cited by 7 publications

(8 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since our paper was conditionally accepted to OOPSLA, a closely related paper has appeared on arXiv, which presents a program logic, called Hyper Hoare Logic, for proving and disproving program hyper-properties (properties relating multiple program traces) [Dardinier and Müller 2023]. It achieves this using the same underlying semantics as Outcome Logic instantiated to the powerset monad.…”

Section: Related Workmentioning

confidence: 99%

Outcome Logic: A Unifying Foundation for Correctness and Incorrectness Reasoning

Zilberstein

Dreyer

Silva

2023

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Program logics for bug-finding (such as the recently introduced Incorrectness Logic) have framed correctness and incorrectness as dual concepts requiring different logical foundations. In this paper, we argue that a single unified theory can be used for both correctness and incorrectness reasoning. We present Outcome Logic (OL), a novel generalization of Hoare Logic that is both monadic (to capture computational effects) and monoidal (to reason about outcomes and reachability). OL expresses true positive bugs, while retaining correctness reasoning abilities as well. To formalize the applicability of OL to both correctness and incorrectness, we prove that any false OL specification can be disproven in OL itself. We also use our framework to reason about new types of incorrectness in nondeterministic and probabilistic programs. Given these advances, we advocate for OL as a new foundational theory of correctness and incorrectness.

show abstract

Section: Related Workmentioning

confidence: 99%

Outcome Logic: A Unifying Foundation for Correctness and Incorrectness Reasoning

Zilberstein

Dreyer

Silva

2023

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…Recently, a number of new program logics have been defined to reason about correctness and incorrectness within a unified framework. Outcome logic [20] (OL) and Hyper-Hoare Logic [21] (HHL) allow to express verification conditions as well as incorrectness conditions through refutation of specifications. HHL is designed to verify hyper-properties, unlike OL which currently has no such application.…”

Section: Judgementsmentioning

confidence: 99%

Relational Adversarial Logic

Vanegue

2023

Preprint

View full text Add to dashboard Cite

Adversarial Logic is an extension of Incorrectness Logic providing a formal framework to study \emph{security exploits}. This article introduces \emph{Relational Adversarial Logic} (RAL), a derived logic from AL capable of reasoning on attack proofs for software security hyper-properties. Unlike other approaches to under-approximate relational analysis, we model the relation between two comparable implementations by introducing an explicit adversarial term, which is composed in parallel to the programs under comparison. Unlike in the original Adversarial logic where the parallel composition is used to model the adversary as a saboteur, the adversarial term is used as an arbiter in RAL. As such, RAL can express relational under-approximation without introducing meta-variables or a higher level logic. We demonstrate the relational capabilities of RAL by modeling a real URL confusion vulnerability between two widespread URL parsing implementations. Our presentation demonstrates that it only suffices to introduce new derived rules from AL, rather than introducing a new logic or relying on meta-variables as done in other approaches. As such, RAL retains simplicity and is more faithful to the original incorrectness logic by O'Hearn, from which it inherits its soundness.

show abstract

“…This design method has perdured over time, even if, nowadays, soundness and completeness proofs are often published together with the logic (e.g. [9,31,32,43,64,67,93,97,98] a.o.). Therefore, in this "classic approach" the program properties of interest (partial correctness, total correctness, incorrectness, etc) are the one provable by the proof system, while soundness and completeness theorems aims at connecting the provable properties to the program semantics.…”

Section: The Classic Proof-theoretic Approachmentioning

confidence: 99%

“…[58] incorporate reasoning about non-terminating specifications. [31,Section 5] expresses different (hyper) logics in a common framework. [79] derives a logic from an abstraction.…”

Section: Ii9 Related Workmentioning

confidence: 99%

“…The approach applies to all abstractions of the collecting semantics into a relation. For future work, this same principled approach can be used to design hyper logics [31], including dependency logics, to include meta information in predicates with an instrumented semantics (e.g. [93,97,98]), and to extend temporal logics like [75] to programming languages by structural induction and local invariants [10].…”

Section: Ii10 Conclusionmentioning

confidence: 99%

See 1 more Smart Citation