Relational Logic with Framing and Hypotheses

Banerjee, Anindya; Naumann, David A.; Nikouei, Mohammad

doi:10.4230/lipics.fsttcs.2016.11

Cited by 11 publications

(6 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…PEQUOD performs such reasoning automatically. Previous work has proposed frameworks that allow a prover to verify that recursive programs satisfy a mutual summary [3,4,11,14,15], but require the user to direct how procedures must be paired, and in some cases provide mutual summaries. Other approaches for verifying relational properties of singleprocedure programs have been significantly automated [21], but the developed automation tactics are carefully tuned to syntactic forms of the programs and would be non-trivial to generalize to programs that contain multiple procedures.…”

Section: Discussionmentioning

confidence: 99%

Relational Verification via Invariant-Guided Synchronization

Zhou

Heath

Harris

2019

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Relational properties describe relationships that hold over multiple executions of one or more programs, such as functional equivalence. Conventional approaches for automatically verifying such properties typically rely on syntax-based, heuristic strategies for finding synchronization points among the input programs. These synchronization points are then annotated with appropriate relational invariants to complete the proof. However, when suboptimal synchronization points are chosen the required invariants can be complicated or even inexpressible in the target theory.In this work, we propose a novel approach to verifying relational properties. This approach searches for synchronization points and synthesizes relational invariants simultaneously. Specifically, the approach uses synthesized invariants as a guide for finding proper synchronization points that lead to a complete proof. We implemented our approach as a tool named PEQUOD, which targets Java Virtual Machine (JVM) bytecode. We evaluated PEQUOD by using it to solve verification challenges drawn from the from the research literature and by verifying properties of student-submitted solutions to online challenge problems. The results show that PEQUOD solve verification problems that cannot be addressed by current techniques.

show abstract

Section: Discussionmentioning

confidence: 99%

Relational Verification via Invariant-Guided Synchronization

Zhou

Heath

Harris

2019

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…For instance, one alternative approaches to using atomic triples is to prove that the template-level atomic specification contextually refines the client-level atomic specification of multicopy structures using a relational program logic. A number of prior works have developed such refinement-based approaches [Banerjee et al 2016;Frumin et al 2018Frumin et al , 2020, including for settings that involve unbounded helping [Liang and Feng 2013;Turon et al 2013]. An alternative approach to using prophecy variables for reasoning about non-fixed linearization points is to explicitly construct a partial order of events as the program executes, effectively representing all the possible linearizations that are consistent with the observations made so far [Khyzha et al 2017].…”

Section: Related Workmentioning

confidence: 99%

Verifying Concurrent Multicopy Search Structures

Patel¹,

Krishna²,

Shasha³

et al. 2021

Preprint

View full text Add to dashboard Cite

Multicopy search structures such as log-structured merge (LSM) trees are optimized for high insert/update/delete (collectively known as upsert) performance. In such data structures, an upsert on key 𝑘, which adds (𝑘, 𝑣) where 𝑣 can be a value or a tombstone, is added to the root node even if 𝑘 is already present in other nodes. Thus there may be multiple copies of 𝑘 in the search structure. A search on 𝑘 aims to return the value associated with the most recent upsert. We present a general framework for verifying linearizability of concurrent multicopy search structures that abstracts from the underlying representation of the data structure in memory, enabling proof-reuse across diverse implementations. Based on our framework, we propose template algorithms for a) LSM structures forming arbitrary directed acyclic graphs and b) differential file structures, and formally verify these templates in the concurrent separation logic Iris. We also instantiate the LSM template to obtain the first verified concurrent in-memory LSM tree implementation.

show abstract

“…In other cases, one might be interested in relating two runs of a single program, but, as soon as the control flow can differ between the two runs, the compositional verification problem becomes the same as relating two different programs. This is for instance the case for noninterference, which requires that a program's public outputs are independent of its private inputs [Antonopoulos et al 2017;Banerjee et al 2016;Clarkson and Schneider 2010;Nanevski et al 2013;Sabelfeld and Myers 2003;Sousa and Dillig 2016]. The list of practical applications of relational verification is, however, much longer, including showing the correctness of program transformations [Benton 2004], cost analysis [Çiçek et al 2017;Qu et al 2019;Radicek et al 2018], program approximation [Carbin et al 2012;He et al 2018], semantic diffing [Lahiri et al 2012;Wang et al 2018], cryptographic proofs [Barthe et al 2009[Barthe et al , 2013a[Barthe et al , 2014Petcher and Morrisett 2015;Unruh 2019], differential privacy [Barthe et al 2013b[Barthe et al , 2015Gavazzo 2018;Zhang and Kifer 2017], and even machine learning [Sato et al 2019].…”

Section: Introductionmentioning

confidence: 99%

“…Yet they can often greatly simplify reasoning by leveraging the syntactic similarities between the programs we relate. Since Benton's [2004] seminal Relational Hoare Logic, many relational program logics have been proposed [Aguirre et al 2017;Banerjee et al 2016;Barthe et al 2013bBarthe et al , 2014Barthe et al , 2015Barthe et al , 2016Carbin et al 2012;Nanevski et al 2013;Petcher and Morrisett 2015;Qu et al 2019;Radicek et al 2018;Sato et al 2019;Sousa and Dillig 2016;Unruh 2019;Yang 2007;Zhang and Kifer 2017]. However, each of these logics is specific to a particular combination of side-effects that is completely fixed by the programming language and verification framework; the most popular side-effects these logics bake in are mutable state, general recursion, cost, and probabilities.…”

Section: Introductionmentioning

confidence: 99%

The next 700 relational program logics

Maillard

Hriţcu

Rivas

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We propose the first framework for defining relational program logics for arbitrary monadic effects. The framework is embedded within a relational dependent type theory and is highly expressive. At the semantic level, we provide an algebraic characterization for relational specifications as a class of relative monads, and link computations and specifications by introducing relational effect observations, which map pairs of monadic computations to relational specifications in a way that respects the algebraic structure. For an arbitrary relational effect observation, we generically define the core of a sound relational program logic, and explain how to complete it to a full-fledged logic for the monadic effect at hand. We show that by instantiating our framework with state and unbounded iteration we can embed a variant of Benton's Relational Hoare Logic, and also sketch how to reconstruct Relational Hoare Type Theory. Finally, we identify and overcome conceptual challenges that prevented previous relational program logics from properly dealing with effects such as exceptions, and are the first to provide a proper semantic foundation and a relational program logic for exceptions.

show abstract

Relational Logic with Framing and Hypotheses

Cited by 11 publications

References 0 publications

Relational Verification via Invariant-Guided Synchronization

Relational Verification via Invariant-Guided Synchronization

Verifying Concurrent Multicopy Search Structures

The next 700 relational program logics

Contact Info

Product

Resources

About