Abstract
The modern software engineering process is evolutionary, with commits/patches begetting new versions of code, progressing steadily toward improved systems. In recent years, program analysis and verification tools have exploited version-based reasoning, where new code can be seen in terms of how it has changed from the previous version. When considering program versions, refinement seems a natural fit and, in recent decades, researchers have weakened classical notions of concrete refinement and program equivalence to capture similarities as well as differences between programs. For example, Benton, Yang and others have worked on state-based refinement relations.
In this paper, we explore a form of weak refinement based on trace relations rather than state relations. The idea begins by partitioning traces of a program C1 into trace classes, each identified via a restriction r1. For each class, we specify similar behavior in the other program C2 via a separate restriction r2 on C2. Still, these two trace classes may not yet be equivalent, so we further permit a weakening via a binary relation A on traces, which allows one, for instance, to disregard unimportant events, relate analogous atomic events, etc.
We address several challenges that arise. First, we explore one way to specify trace refinement relations by instantiating the framework to Kleene Algebra with Tests (KAT) due to Kozen. We use KAT intersection for restriction, KAT hypotheses for A, KAT inclusion for refinement, and have proved compositionality. Next, we present an algorithm for automatically synthesizing refinement relations, based on a mixture of semantic program abstraction, KAT inclusion, a custom edit-distance algorithm on counterexamples, and case-analysis on nondeterministic branching. We have proved our algorithm to be sound. Finally, we implemented our algorithm as a tool called Knotical, on top of Interproc and Symkat. We demonstrate promising first steps in synthesizing trace refinement relations across a hand-crafted collection of 37 benchmarks that include changing fragments of array programs, models of systems code, and examples inspired by the thttpd and Merecat web servers.
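The following added example (not code from the paper or from the Knotical tool) shows the shape of the refinement check described above on a deliberately small finite-trace model: two constructed versions of a request handler are given as finite sets of event traces, a restriction is a regular expression selecting a trace class, and the relation A is realised as hypotheses that drop an unimportant event (`log`) and identify analogous events (`read_file` with `read`). The finite-trace model, the handler traces, the event names and all function names are assumptions made for illustration; the paper itself works with KAT terms and language inclusion over regular (possibly infinite) trace sets.

```python
import re

# Constructed example: version 1 of a tiny request handler, as a finite set of
# event traces (assumption: finite traces stand in for the paper's KAT terms).
C1 = {
    ("recv", "auth_ok", "read", "send"),
    ("recv", "auth_fail", "send_err"),
}

# Constructed version 2: a 'log' event was added, 'read' was renamed to
# 'read_file', and a new retry path after a failed authentication was added.
C2 = {
    ("recv", "log", "auth_ok", "read_file", "send"),
    ("recv", "log", "auth_fail", "log", "send_err"),
    ("recv", "log", "auth_fail", "retry", "auth_ok", "read_file", "send"),
}


def restrict(traces, pattern):
    """Trace class (the role of r1 / r2): keep the traces whose event
    sequence, joined by spaces, fully matches the regular expression."""
    rx = re.compile(pattern)
    return {t for t in traces if rx.fullmatch(" ".join(t))}


def weaken(trace, drop=frozenset(), rename=None):
    """Relation A as normalisation: forget the events in `drop` (hypothesis
    'event = 1') and map analogous events onto one name (hypothesis
    'event_a = event_b')."""
    rename = rename or {}
    return tuple(rename.get(e, e) for e in trace if e not in drop)


def refinement_gap(c1, r1, c2, r2, drop=frozenset(), rename=None):
    """Traces of c1 in class r1 that, after applying A, have no counterpart
    among the traces of c2 in class r2.  An empty set means the pair of
    classes (r1, r2) is a valid refinement under A; a non-empty set is the
    counterexample set a synthesis loop would have to explain away."""
    lhs = {weaken(t, drop, rename) for t in restrict(c1, r1)}
    rhs = {weaken(t, drop, rename) for t in restrict(c2, r2)}
    return lhs - rhs


# Hypotheses making up A for this example (constructed).
A_DROP = frozenset({"log"})
A_RENAME = {"read_file": "read"}


def summarize():
    """Run the check for the trace classes of the example and return the gaps."""
    return {
        # Successful authentications: equal once logging is ignored and
        # read/read_file are identified.
        "auth_ok with A": refinement_gap(
            C1, r"recv auth_ok.*", C2, r"recv log auth_ok.*", A_DROP, A_RENAME),
        # The same classes without A: the added log event and the rename
        # break plain inclusion, so the C1 trace survives as a counterexample.
        "auth_ok without A": refinement_gap(
            C1, r"recv auth_ok.*", C2, r"recv log auth_ok.*"),
        # Failed authentications without retry.
        "auth_fail with A": refinement_gap(
            C1, r"recv auth_fail.*", C2, r"recv log auth_fail log send_err",
            A_DROP, A_RENAME),
        # The retry path only exists in C2: checking it against C1's failure
        # class exposes the genuinely new behaviour as a counterexample.
        "retry path in C2 vs C1": refinement_gap(
            C2, r"recv log auth_fail retry.*", C1, r"recv auth_fail.*",
            A_DROP, A_RENAME),
    }


if __name__ == "__main__":
    for name, gap in summarize().items():
        print(f"{name}: {'refines' if not gap else 'counterexamples ' + str(sorted(gap))}")
```

The point of splitting into classes is visible in the last case: no single relation makes C2 refine C1 as a whole, but the classes that do correspond can be certified separately, and the retry class is reported as a difference rather than hiding the similarities elsewhere. Enumerating finite trace sets is only adequate for this toy; the tool the abstract describes decides KAT inclusion symbolically (via Symkat) so that loops and unbounded traces are handled.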
References
- Timos Antonopoulos, Paul Gazzillo, Michael Hicks, Eric Koskinen, Tachio Terauchi, and Shiyi Wei. 2017. Decomposition instead of self-composition for proving the absence of timing channels. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, 362–375.
- Timos Antonopoulos, Eric Koskinen, and Ton Chanh Le. 2019a. Experimental Results of Knotical. Retrieved August 14, 2019 from https://knotical.github.io/knotical/results/SUMMARY.html
- Timos Antonopoulos, Eric Koskinen, and Ton Chanh Le. 2019b. Knotical: An Inference System of Trace Refinement Relations.
- Howard Barringer, Ruurd Kuiper, and Amir Pnueli. 1984. Now You May Compose Temporal Logic Specifications. In Proceedings of the 16th Annual ACM Symposium on Theory of Computing, April 30 - May 2, 1984, Washington, DC, USA. 51–63.
- Gilles Barthe, Juan Manuel Crespo, and César Kunz. 2011. Relational verification using product programs. In International Symposium on Formal Methods. Springer, 200–214.
- Gilles Barthe, Pedro R. D'Argenio, and Tamara Rezk. 2004. Secure information flow by self-composition. In CSFW.
- Ryan Beckett, Eric Campbell, and Michael Greenberg. 2017. Kleene Algebra Modulo Theories. CoRR abs/1707.02894 (2017). arXiv: 1707.02894 http://arxiv.org/abs/1707.02894
- Nick Benton. 2004. Simple relational correctness proofs for static analyses and program transformations. In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2004, Venice, Italy, January 14-16, 2004. 14–25.
- Philip Bille. 2005. A survey on tree edit distance and related problems. Theoretical Computer Science 337, 1-3 (2005), 217–239.
- Ahmed Bouajjani, Constantin Enea, and Shuvendu K. Lahiri. 2017. Abstract Semantic Diffing of Evolving Concurrent Programs. In Static Analysis - 24th International Symposium, SAS 2017, New York, NY, USA, August 30 - September 1, 2017, Proceedings. 46–65.
- Michael R. Clarkson, Bernd Finkbeiner, Masoud Koleini, Kristopher K. Micinski, Markus N. Rabe, and César Sánchez. 2014. Temporal Logics for Hyperproperties. In POST. 265–284.
- Jules Desharnais, Bernhard Möller, and Georg Struth. 2006. Kleene algebra with domain. ACM Trans. Comput. Log. 7, 4 (2006), 798–833.
- Benny Godlin and Ofer Strichman. 2009. Regression verification. In Proceedings of the 46th Annual Design Automation Conference. ACM, 466–471.
- Sumit Gulwani, Sagar Jain, and Eric Koskinen. 2009. Control-flow refinement and progress invariants for bound analysis. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2009, Dublin, Ireland, June 15-21, 2009. 375–385.
- Alex Gyori, Shuvendu K. Lahiri, and Nimrod Partush. 2017. Refining interprocedural change-impact analysis using equivalence relations. In Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, Santa Barbara, CA, USA, July 10 - 14, 2017. 318–328.
- Daniel Jackson and David A. Ladd. 1994. Semantic Diff: A Tool for Summarizing the Effects of Modifications. In ICSM, Vol. 94. 243–252.
- Ming Kawaguchi, Shuvendu K. Lahiri, and Henrique Rebelo. 2010. Conditional equivalence. Microsoft, MSR-TR-2010-119, Tech. Rep. (2010).
- Dexter Kozen. 1990. On Kleene algebras and closed semirings. In Mathematical Foundations of Computer Science 1990, Branislav Rovan (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 26–47.
- Dexter Kozen. 1996. Kleene Algebra with Tests and Commutativity Conditions. In Tools and Algorithms for Construction and Analysis of Systems, Second International Workshop, TACAS '96, Passau, Germany, March 27-29, 1996, Proceedings (Lecture Notes in Computer Science), Tiziana Margaria and Bernhard Steffen (Eds.), Vol. 1055. Springer, 14–33.
- Dexter Kozen. 1997. Kleene Algebra with Tests. ACM Trans. Program. Lang. Syst. 19, 3 (1997), 427–443.
- Dexter Kozen. 2001. Automata on Guarded Strings and Applications. Technical Report. Ithaca, NY, USA.
- Dexter Kozen. 2006. On the Representation of Kleene Algebras with Tests. In Mathematical Foundations of Computer Science 2006, 31st International Symposium, MFCS 2006, Stará Lesná, Slovakia, August 28 - September 1, 2006, Proceedings (Lecture Notes in Computer Science), Rastislav Kralovic and Pawel Urzyczyn (Eds.), Vol. 4162. Springer, 73–83.
- Tsutomu Kumazawa and Tetsuo Tamai. 2011. Counterexample-based error localization of behavior models. In NASA Formal Methods Symposium. Springer, 222–236.
- Shuvendu K. Lahiri, Arvind Haran, Shaobo He, and Zvonimir Rakamaric. 2015. Automated Differential Program Verification for Approximate Computing. Technical Report. Microsoft Research.
- Shuvendu K. Lahiri, Chris Hawblitzel, Ming Kawaguchi, and Henrique Rebêlo. 2012. SYMDIFF: A Language-Agnostic Semantic Diff Tool for Imperative Programs. In Computer Aided Verification - 24th International Conference, CAV 2012, Berkeley, CA, USA, July 7-13, 2012, Proceedings. 712–717.
- Shuvendu K. Lahiri, Kenneth L. McMillan, Rahul Sharma, and Chris Hawblitzel. 2013. Differential assertion checking. In Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE '13, Saint Petersburg, Russian Federation, August 18-26, 2013. 345–355.
- Gaël Lalire, Mathias Argoud, and Bertrand Jeannet. 2009. Interproc analyzer for recursive programs with numerical variables. Retrieved August 13, 2019 from http://pop-art.inrialpes.fr/people/bjeannet/bjeannet-forge/interproc/index.html
- Francesco Logozzo, Shuvendu K. Lahiri, Manuel Fähndrich, and Sam Blackshear. 2014. Verification modulo versions: towards usable verification. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, Edinburgh, United Kingdom, June 09-11, 2014. 294–304.
- Vincent Mathieu and Jules Desharnais. 2005. Verification of Pushdown Systems Using Omega Algebra with Domain. In Relational Methods in Computer Science, 8th International Seminar on Relational Methods in Computer Science, 3rd International Workshop on Applications of Kleene Algebra, and Workshop of COST Action 274: TARSKI, St. Catharines, ON, Canada, February 22-26, 2005, Selected Revised Papers. 188–199.
- Laurent Mauborgne and Xavier Rival. 2005. Trace partitioning in abstract interpretation based static analyzers. In European Symposium on Programming. Springer, 5–20.
- Carroll Morgan. 1994. Programming from Specifications. Prentice Hall.
- Joachim Nilsson. 2019. Merecat Embedded Web Server. Retrieved August 13, 2019 from https://troglobit.com/projects/merecat/
- Peter O'Hearn, John Reynolds, and Hongseok Yang. 2001. Local reasoning about programs that alter data structures. In International Workshop on Computer Science Logic. Springer, 1–19.
- Peter W. O'Hearn. 2018. Continuous Reasoning: Scaling the impact of formal methods. In Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2018, Oxford, UK, July 09-12, 2018. 13–25.
- Nimrod Partush and Eran Yahav. 2013. Abstract Semantic Differencing for Numerical Programs. In Static Analysis - 20th International Symposium, SAS 2013, Seattle, WA, USA, June 20-22, 2013, Proceedings. 238–258.
- Nimrod Partush and Eran Yahav. 2014. Abstract semantic differencing via speculative correlation. In Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications, OOPSLA 2014, part of SPLASH 2014, Portland, OR, USA, October 20-24, 2014. 811–828.
- Suzette Person, Matthew B. Dwyer, Sebastian G. Elbaum, and Corina S. Pasareanu. 2008. Differential symbolic execution. In Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2008, Atlanta, Georgia, USA, November 9-14, 2008. 226–237.
- Lauren Pick, Grigory Fedyukovich, and Aarti Gupta. 2018. Exploiting Synchrony and Symmetry in Relational Verification. In Computer Aided Verification - 30th International Conference, CAV 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 14-17, 2018, Proceedings, Part I. 164–182.
- Amir Pnueli, Michael Siegel, and Eli Singerman. 1998. Translation validation. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems. Springer, 151–166.
- Jef Poskanzer. 2018. thttpd HTTP server. Retrieved August 13, 2019 from http://www.acme.com/software/thttpd/
- Damien Pous. 2015a. Symbolic algorithms for language equivalence and Kleene algebra with tests. ACM SIGPLAN Notices 50, 1 (2015), 357–368.
- Damien Pous. 2015b. Symbolic Algorithms for Language Equivalence and Kleene Algebra with Tests. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2015, Mumbai, India, January 15-17, 2015. 357–368.
- Damien Pous. 2016. Symbolic Algorithms for Language Equivalence and Kleene Algebra with Tests. Retrieved August 13, 2019 from https://perso.ens-lyon.fr/damien.pous/symbolickat/
- Calvin Smith, Gabriel Ferns, and Aws Albarghouthi. 2017. Discovering relational specifications. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, September 4-8, 2017. 616–626.
- Marcelo Sousa and Isil Dillig. 2016. Cartesian Hoare logic for verifying k-safety properties. In ACM SIGPLAN Notices, Vol. 51. ACM, 57–69.
- Marcelo Sousa, Isil Dillig, and Shuvendu K. Lahiri. 2018. Verified three-way program merge. PACMPL 2, OOPSLA (2018), 165:1–165:29.
- Chungha Sung, Shuvendu K. Lahiri, Constantin Enea, and Chao Wang. 2018. Datalog-based scalable semantic diffing of concurrent programs. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ASE 2018, Montpellier, France, September 3-7, 2018. 656–666.
- Tachio Terauchi and Alex Aiken. 2005. Secure information flow as a safety problem. In SAS.
- Anna Trostanetski, Orna Grumberg, and Daniel Kroening. 2017. Modular Demand-Driven Analysis of Semantic Difference for Program Versions. In Static Analysis - 24th International Symposium, SAS 2017, New York, NY, USA, August 30 - September 1, 2017, Proceedings. 405–427.
- Hiroshi Unno, Sho Torii, and Hiroki Sakamoto. 2017. Automating Induction for Solving Horn Clauses. In Computer Aided Verification - 29th International Conference, CAV 2017, Heidelberg, Germany, July 24-28, 2017, Proceedings, Part II. 571–591.
- Yuepeng Wang, Isil Dillig, Shuvendu K. Lahiri, and William R. Cook. 2018. Verifying equivalence of database-driven applications. PACMPL 2, POPL (2018), 56:1–56:29.
- Tim Wood, Sophia Drossopoulou, Shuvendu K. Lahiri, and Susan Eisenbach. 2017. Modular Verification of Procedure Equivalence in the Presence of Memory Allocation. In Programming Languages and Systems - 26th European Symposium on Programming, ESOP 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings. 937–963.
- Eran Yahav, Thomas W. Reps, Shmuel Sagiv, and Reinhard Wilhelm. 2006. Verifying Temporal Heap Properties Specified via Evolution Logic. Logic Journal of the IGPL 14, 5 (2006), 755–783.
- Hongseok Yang. 2007. Relational separation logic. Theor. Comput. Sci. 375, 1-3 (2007), 308–334.
Specification and inference of trace refinement relations