Verifying Relational Properties using Trace Logic

Barthe, Gilles; Eilers, Renate; Georgiou, Pamina; Gleiss, Bernhard; Kovács, Laura; Maffei, Matteo

doi:10.23919/fmcad.2019.8894277

Cited by 18 publications

(28 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…al. [2] uses firstorder logic (FOL) to express hyper properties, e. g. non-interference. The FOL signature contains the theory of natural numbers and integer, and also includes symbols denoting time-points, last iterations in loops, program variables and traces.…”

Section: Generalized Testmentioning

confidence: 99%

See 1 more Smart Citation

Relational Test Tables

Weigl

Ulbrich

Cha

et al. 2020

Proceedings of the 8th International Conference on Formal Methods in Software Engineering

View full text Add to dashboard Cite

A wide range of interesting program properties are relational, i.e., they described a relation between two program runs. Two prominent relational properties are the regression verification (proving conditional program equivalence), and non-interference (proving the absence of information flow). The verification of relational properties is hardly accessible to engineers due to the lack of appropriate specification languages for relational properties. In previous work, we introduced the concept of generalized test tables: a table-based specification language, which allows the tight temporal specification of functional (nonrelational) properties for reactive systems. We introduce relational test tables-an extension of generalized test tables for the specification of relational properties. Relational test tables support specification of-safety properties (a super set of relational properties) between ≥ 2 program runs. We show the applicability of relational test tables by specifying and verifying change scenarios and information flow of reactive systems. We provide an implementation of the verification pipeline for programs following the IEC 61131-3 coding standard under http://github.com/ VerifAPS/verifaps-lib. CCS CONCEPTS • Software and its engineering → Software verification; Model checking; • General and reference → Verification; • Security and privacy → Software security engineering.

show abstract

Section: Generalized Testmentioning

confidence: 99%

“…underlying program, but only one common duration column. 2 To tackle the previously stated limitation, we add the following syntactical concepts: (a) (Explicit) references to variables in specific programs, including abbreviations. (b) Functions in the column header, and (c) We introduce a column type -the control column.…”

Section: Relational Test Tablesmentioning

confidence: 99%

Relational Test Tables

Weigl

Ulbrich

Cha

et al. 2020

Proceedings of the 8th International Conference on Formal Methods in Software Engineering

View full text Add to dashboard Cite

show abstract

“…Probabilistic noninterference [ 28 , 29 , 30 ] and observational determinism [ 10 , 31 , 32 , 33 , 34 , 35 ] have been used as information flow properties to characterize the security of concurrent programs. For verifying these security properties, type systems [ 28 , 29 , 31 , 32 ], algorithmic verification [ 10 , 30 , 33 , 34 ], program analysis [ 35 ], and logics [ 36 , 37 , 38 ] have been utilized. In qualitative information flow, the security property gets rejected when there is a leakage, even a minor one.…”

Section: Related Workmentioning

confidence: 99%

Channel Capacity of Concurrent Probabilistic Programs

Salehi

Karimpour

Izadkhah

et al. 2019

Entropy

View full text Add to dashboard Cite

Programs are under continuous attack for disclosing secret information, and defending against these attacks is becoming increasingly vital. An attractive approach for protection is to measure the amount of secret information that might leak to attackers. A fundamental issue in computing information leakage is that given a program and attackers with various knowledge of the secret information, what is the maximum amount of leakage of the program? This is called channel capacity. In this paper, two notions of capacity are defined for concurrent probabilistic programs using information theory. These definitions consider intermediate leakage and the scheduler effect. These capacities are computed by a constrained nonlinear optimization problem. Therefore, an evolutionary algorithm is proposed to compute the capacities. Single preference voting and dining cryptographers protocols are analyzed as case studies to show how the proposed approach can automatically compute the capacities. The results demonstrate that there are attackers who can learn the whole secret of both the single preference protocol and dining cryptographers protocol. The proposed evolutionary algorithm is a general approach for computing any type of capacity in any kind of program.

show abstract

“…As a special case of superposition, demodulation is implemented in first-order provers such as E [14], Spass [21] and Vampire [10]. Recent applications of superposition-based reasoning, for example to program analysis and verification [5], demand however new and efficient extensions of demodulation to reason about and simplify upon conditional equalities C → l r, where C is a first-order formula. Such conditional equalities may, for example, encode software properties expressed in a guarded command language, with C denoting a guard (such as a loop condition) and l r encoding equational properties over program variables.…”

Section: Introductionmentioning

confidence: 99%

“…Example 1 demonstrates that subsumption demodulation applies in situations where AVATAR does not: in each clause of (4), all literals share the variable i and hence none of the clauses from (4) can be split using AVATAR. That is, AVATAR would not generate unit equalities from (4), and therefore cannot apply demodulation over (4) to derive (5).…”

Section: Introductionmentioning

confidence: 99%

Subsumption Demodulation in First-Order Theorem Proving

Gleiss

Kovács

Rath

2020

Automated Reasoning

Self Cite

View full text Add to dashboard Cite

Motivated by applications of first-order theorem proving to software analysis, we introduce a new inference rule, called subsumption demodulation, to improve support for reasoning with conditional equalities in superposition-based theorem proving. We show that subsumption demodulation is a simplification rule that does not require radical changes to the underlying superposition calculus. We implemented subsumption demodulation in the theorem prover Vampire, by extending Vampire with a new clause index and adapting its multi-literal matching component. Our experiments, using the TPTP and SMT-LIB repositories, show that subsumption demodulation in Vampire can solve many new problems that could so far not be solved by state-of-the-art reasoners.

show abstract

Verifying Relational Properties using Trace Logic

Cited by 18 publications

References 54 publications

Relational Test Tables

Relational Test Tables

Channel Capacity of Concurrent Probabilistic Programs

Subsumption Demodulation in First-Order Theorem Proving

Contact Info

Product

Resources

About