skip to main content
research-article
Open Access
Artifacts Available
Artifacts Evaluated & Functional

Recalling a witness: foundations and applications of monotonic state

Published:27 December 2017Publication History
Skip Abstract Section

Abstract

We provide a way to ease the verification of programs whose state evolves monotonically. The main idea is that a property witnessed in a prior state can be soundly recalled in the current state, provided (1) state evolves according to a given preorder, and (2) the property is preserved by this preorder. In many scenarios, such monotonic reasoning yields concise modular proofs, saving the need for explicit program invariants. We distill our approach into the monotonic-state monad, a general yet compact interface for Hoare-style reasoning about monotonic state in a dependently typed language. We prove the soundness of the monotonic-state monad and use it as a unified foundation for reasoning about monotonic state in the F verification system. Based on this foundation, we build libraries for various mutable data structures like monotonic references and apply these libraries at scale to the verification of several distributed applications.

Skip Supplemental Material Section

Supplemental Material

monotonicstate.webm

References

  1. D. Ahman, C. Hriţcu, K. Maillard, G. Martínez, G. Plotkin, J. Protzenko, A. Rastogi, and N. Swamy. Dijkstra monads for free . POPL. 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. M. Barnett and D. A. Naumann. Friends need a bit more: Maintaining invariants over shared state . MPC. 2004. Google ScholarGoogle ScholarCross RefCross Ref
  3. J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, and S. Maffeis. Refinement types for secure implementations . ACM Trans. Prog. Lang. Syst. (TOPLAS), 33(2):8, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. K. Bhargavan, C. Fournet, and A. D. Gordon. Modular verification of security protocol code by typing. POPL, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. K. Bhargavan, B. Bond, A. Delignat-Lavaud, C. Fournet, C. Hawblitzel, C. Hriţcu, S. Ishtiaq, M. Kohlweiss, R. Leino, J. Lorch, K. Maillard, J. Pang, B. Parno, J. Protzenko, T. Ramananandro, A. Rane, A. Rastogi, N. Swamy, L. Thompson, P. Wang, S. Zanella-Béguelin, and J.-K. Zinzindohoué. Everest: Towards a verified, drop-in replacement of HT TPS . SNAPL, 2017a.Google ScholarGoogle Scholar
  6. K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss, J. Pan, J. Protzenko, A. Rastogi, N. Swamy, S. Z. Béguelin, and J. K. Zinzindohoue. Implementing and proving the TLS 1.3 record layer. IEEE Security & Privacy, 2017b.Google ScholarGoogle Scholar
  7. T. Chajed, H. Chen, A. Chlipala, M. F. Kaashoek, N. Zeldovich, and D. Ziegler. Certifying a file system using crash hoare logic: correctness in the presence of crashes . Commun. ACM, 60(4):75–84, 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. K. M. Chandy and L. Lamport. Distributed snapshots: Determining global states of distributed systems . ACM Trans. Comput. Syst., 3(1):63–75, 1985. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. A. Charguéraud. Characteristic formulae for the verification of imperative programs . ICFP. 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. E. Cohen, M. Moskal, W. Schulte, and S. Tobies. Local verification of global invariants in concurrent programs . CAV. 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. T. Dinsdale-Young, M. Dodds, P. Gardner, M. J. Parkinson, and V. Vafeiadis. Concurrent abstract predicates . ECOOP. 2010. Google ScholarGoogle ScholarCross RefCross Ref
  12. A. Filinski. Representing monads . POPL. 1994. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. C. S. Gordon, M. D. Ernst, and D. Grossman. Rely-guarantee references for refinement types over aliased mutable data . PLDI. 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. N. Grimm, K. Maillard, C. Fournet, C. Hriţcu, M. Maffei, J. Protzenko, T. Ramananandro, A. Rastogi, N. Swamy, and S. ZanellaBéguelin. A monadic framework for relational verification: Applied to information security, program equivalence, and optimizations . arXiv:1703.00055, 2017.Google ScholarGoogle Scholar
  15. S. S. Ishtiaq and P. W. O’Hearn. BI as an assertion language for mutable data structures . POPL. 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. J. B. Jensen and L. Birkedal. Fictional separation logic . ESOP. 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. I. T. Kassios. Dynamic frames: Support for framing, dependencies and sharing without restrictions . FM. 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. S. Katsumata. Parametric effect monads and semantics of effect systems . POPL. 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. R. Krebbers, R. Jung, A. Bizjak, J. Jourdan, D. Dreyer, and L. Birkedal. The essence of higher-order concurrent separation logic . ESOP. 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. K. R. M. Leino and W. Schulte. Using history invariants to verify observers . ESOP. 2007. Google ScholarGoogle ScholarCross RefCross Ref
  21. X. Leroy and S. Blazy. Formal verification of a C-like memory model and its uses for verifying program transformations . JAR, 41(1):1–31, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. P. B. Levy. Call-By-Push-Value: A Functional/Imperative Synthesis, volume 2 of Semantics Structures in Computation. Springer, 2004.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. S. Lindley and I. Stark. Reducibility and tt-lifting for computation types . TLCA. 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. T. Lindvall. Lectures on the Coupling Method . Dover Books on Mathematics Series. Dover Publications, Incorporated, 2002.Google ScholarGoogle Scholar
  25. S. Matetic, M. Ahmed, K. Kostiainen, A. Dhar, D. Sommer, and A. Gervai. Rote: Rollback protection for trusted execution . USENIX Security. 2017.Google ScholarGoogle Scholar
  26. A. Nanevski, J. G. Morrisett, and L. Birkedal. Hoare type theory, polymorphism and separation . JFP, 18(5-6):865–911, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. S. Negri and J. von Plato. Cut elimination in the presence of axioms . Bulletin of Symbolic Logic, 4(4):418–435, 1998. Google ScholarGoogle ScholarCross RefCross Ref
  28. B. Parno, J. R. Lorch, J. R. Douceur, J. W. Mickens, and J. M. McCune. Memoir: Practical state continuity for protected modules . S&P. 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. A. Pilkiewicz and F. Pottier. The essence of monotonic state . TLDI. 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. N. Polikarpova, J. Tschannen, C. A. Furia, and B. Meyer. Flexible invariants through semantic collaboration . FM. 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. J. Protzenko, J.-K. Zinzindohoué, A. Rastogi, T. Ramananandro, P. Wang, S. Zanella-Béguelin, A. Delignat-Lavaud, C. Hriţcu, K. Bhargavan, C. Fournet, and N. Swamy. Verified low-level programming embedded in F* . ICFP, 2017.Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. X. Qi and A. C. Myers. Masked types for sound object initialization . POPL. 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. J. Reed. A Hybrid Logical Framework. PhD thesis, Carnegie Mellon University, 2009.Google ScholarGoogle Scholar
  34. J. C. Reynolds. Separation logic: A logic for shared mutable data structures . LICS. 2002.Google ScholarGoogle Scholar
  35. I. Sergey, J. R. Wilcox, and Z. Tatlock. Programming and proving with distributed protocols . POPL, 2018.Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. R. Strackx and F. Piessens. Ariadne: A minimal approach to state continuity . USENIX Security. 2016.Google ScholarGoogle Scholar
  37. R. E. Strom and S. Yemini. Typestate: A programming language concept for enhancing software reliability . IEEE Trans. Softw. Eng., 12(1):157–171, 1986. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. N. Swamy, J. Chen, C. Fournet, P. Strub, K. Bhargavan, and J. Yang. Secure distributed programming with value-dependent types . JFP, 23(4):402–451, 2013a. Google ScholarGoogle ScholarCross RefCross Ref
  39. N. Swamy, J. Weinberger, C. Schlesinger, J. Chen, and B. Livshits. Verifying higher-order programs with the Dijkstra monad . PLDI, 2013b. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. N. Swamy, C. Hriţcu, C. Keller, A. Rastogi, A. Delignat-Lavaud, S. Forest, K. Bhargavan, C. Fournet, P.-Y. Strub, M. Kohlweiss, J.-K. Zinzindohoué, and S. Zanella-Béguelin. Dependent types and multi-monadic effects in F* . POPL. 2016. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. W. Swierstra. A functional specification of effects . PhD thesis, University of Nottingham, UK, 2009.Google ScholarGoogle Scholar
  42. J.-K. Zinzindohoué, K. Bhargavan, J. Protzenko, and B. Beurdouche. HACL*: A verified modern cryptographic library. CCS, 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Recalling a witness: foundations and applications of monotonic state

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!