
Specification and inference of trace refinement relations

Published: 10 October 2019

Abstract

The modern software engineering process is evolutionary, with commits/patches begetting new versions of code, progressing steadily toward improved systems. In recent years, program analysis and verification tools have exploited version-based reasoning, where new code can be seen in terms of how it has changed from the previous version. When considering program versions, refinement seems a natural fit and, in recent decades, researchers have weakened classical notions of concrete refinement and program equivalence to capture similarities as well as differences between programs. For example, Benton, Yang and others have worked on state-based refinement relations.

In this paper, we explore a form of weak refinement based on trace relations rather than state relations. The idea begins by partitioning the traces of a program C1 into trace classes, each identified via a restriction r1. For each class, we specify similar behavior in the other program C2 via a separate restriction r2 on C2. Still, these two trace classes may not yet be equivalent, so we further permit a weakening via a binary relation A on traces, which allows one, for instance, to disregard unimportant events, relate analogous atomic events, and so on.

We address several challenges that arise. First, we explore one way to specify trace refinement relations by instantiating the framework to Kleene Algebra with Tests (KAT) due to Kozen. We use KAT intersection for restriction, KAT hypotheses for A, KAT inclusion for refinement, and have proved compositionality. Next, we present an algorithm for automatically synthesizing refinement relations, based on a mixture of semantic program abstraction, KAT inclusion, a custom edit-distance algorithm on counterexamples, and case-analysis on nondeterministic branching. We have proved our algorithm to be sound. Finally, we implemented our algorithm as a tool called Knotical, on top of Interproc and Symkat. We demonstrate promising first steps in synthesizing trace refinement relations across a hand-crafted collection of 37 benchmarks that include changing fragments of array programs, models of systems code, and examples inspired by the thttpd and Merecat web servers.


Supplemental Material

a178-antonopoulos: Presentation at OOPSLA '19

References

  1. Timos Antonopoulos, Paul Gazzillo, Michael Hicks, Eric Koskinen, Tachio Terauchi, and Shiyi Wei. 2017. Decomposition instead of self-composition for proving the absence of timing channels. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, 362–375.
  2. Timos Antonopoulos, Eric Koskinen, and Ton Chanh Le. 2019a. Experimental Results of Knotical. Retrieved August 14, 2019 from https://knotical.github.io/knotical/results/SUMMARY.html
  3. Timos Antonopoulos, Eric Koskinen, and Ton Chanh Le. 2019b. Knotical: An Inference System of Trace Refinement Relations.
  4. Howard Barringer, Ruurd Kuiper, and Amir Pnueli. 1984. Now You May Compose Temporal Logic Specifications. In Proceedings of the 16th Annual ACM Symposium on Theory of Computing, April 30 - May 2, 1984, Washington, DC, USA. 51–63.
  5. Gilles Barthe, Juan Manuel Crespo, and César Kunz. 2011. Relational verification using product programs. In International Symposium on Formal Methods. Springer, 200–214.
  6. Gilles Barthe, Pedro R. D'Argenio, and Tamara Rezk. 2004. Secure information flow by self-composition. In CSFW.
  7. Ryan Beckett, Eric Campbell, and Michael Greenberg. 2017. Kleene Algebra Modulo Theories. CoRR abs/1707.02894 (2017). arXiv: 1707.02894 http://arxiv.org/abs/1707.02894
  8. Nick Benton. 2004. Simple relational correctness proofs for static analyses and program transformations. In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2004, Venice, Italy, January 14-16, 2004. 14–25.
  9. Philip Bille. 2005. A survey on tree edit distance and related problems. Theoretical Computer Science 337, 1-3 (2005), 217–239.
  10. Ahmed Bouajjani, Constantin Enea, and Shuvendu K. Lahiri. 2017. Abstract Semantic Diffing of Evolving Concurrent Programs. In Static Analysis - 24th International Symposium, SAS 2017, New York, NY, USA, August 30 - September 1, 2017, Proceedings. 46–65.
  11. Michael R. Clarkson, Bernd Finkbeiner, Masoud Koleini, Kristopher K. Micinski, Markus N. Rabe, and César Sánchez. 2014. Temporal Logics for Hyperproperties. In POST. 265–284.
  12. Jules Desharnais, Bernhard Möller, and Georg Struth. 2006. Kleene algebra with domain. ACM Trans. Comput. Log. 7, 4 (2006), 798–833.
  13. Benny Godlin and Ofer Strichman. 2009. Regression verification. In Proceedings of the 46th Annual Design Automation Conference. ACM, 466–471.
  14. Sumit Gulwani, Sagar Jain, and Eric Koskinen. 2009. Control-flow refinement and progress invariants for bound analysis. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2009, Dublin, Ireland, June 15-21, 2009. 375–385.
  15. Alex Gyori, Shuvendu K. Lahiri, and Nimrod Partush. 2017. Refining interprocedural change-impact analysis using equivalence relations. In Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, Santa Barbara, CA, USA, July 10 - 14, 2017. 318–328.
  16. Daniel Jackson and David A. Ladd. 1994. Semantic Diff: A Tool for Summarizing the Effects of Modifications. In ICSM, Vol. 94. 243–252.
  17. Ming Kawaguchi, Shuvendu K. Lahiri, and Henrique Rebelo. 2010. Conditional equivalence. Microsoft, MSR-TR-2010-119, Tech. Rep. (2010).
  18. Dexter Kozen. 1990. On Kleene algebras and closed semirings. In Mathematical Foundations of Computer Science 1990, Branislav Rovan (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 26–47.
  19. Dexter Kozen. 1996. Kleene Algebra with Tests and Commutativity Conditions. In Tools and Algorithms for Construction and Analysis of Systems, Second International Workshop, TACAS '96, Passau, Germany, March 27-29, 1996, Proceedings (Lecture Notes in Computer Science), Tiziana Margaria and Bernhard Steffen (Eds.), Vol. 1055. Springer, 14–33.
  20. Dexter Kozen. 1997. Kleene Algebra with Tests. ACM Trans. Program. Lang. Syst. 19, 3 (1997), 427–443.
  21. Dexter Kozen. 2001. Automata on Guarded Strings and Applications. Technical Report. Ithaca, NY, USA.
  22. Dexter Kozen. 2006. On the Representation of Kleene Algebras with Tests. In Mathematical Foundations of Computer Science 2006, 31st International Symposium, MFCS 2006, Stará Lesná, Slovakia, August 28-September 1, 2006, Proceedings (Lecture Notes in Computer Science), Rastislav Kralovic and Pawel Urzyczyn (Eds.), Vol. 4162. Springer, 73–83.
  23. Tsutomu Kumazawa and Tetsuo Tamai. 2011. Counterexample-based error localization of behavior models. In NASA Formal Methods Symposium. Springer, 222–236.
  24. Shuvendu K. Lahiri, Arvind Haran, Shaobo He, and Zvonimir Rakamaric. 2015. Automated Differential Program Verification for Approximate Computing. Technical Report. Microsoft Research.
  25. Shuvendu K. Lahiri, Chris Hawblitzel, Ming Kawaguchi, and Henrique Rebêlo. 2012. SYMDIFF: A Language-Agnostic Semantic Diff Tool for Imperative Programs. In Computer Aided Verification - 24th International Conference, CAV 2012, Berkeley, CA, USA, July 7-13, 2012, Proceedings. 712–717.
  26. Shuvendu K. Lahiri, Kenneth L. McMillan, Rahul Sharma, and Chris Hawblitzel. 2013. Differential assertion checking. In Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE'13, Saint Petersburg, Russian Federation, August 18-26, 2013. 345–355.
  27. Gaël Lalire, Mathias Argoud, and Bertrand Jeannet. 2009. Interproc analyzer for recursive programs with numerical variables. Retrieved August 13, 2019 from http://pop-art.inrialpes.fr/people/bjeannet/bjeannet-forge/interproc/index.html
  28. Francesco Logozzo, Shuvendu K. Lahiri, Manuel Fähndrich, and Sam Blackshear. 2014. Verification modulo versions: towards usable verification. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, Edinburgh, United Kingdom - June 09 - 11, 2014. 294–304.
  29. Vincent Mathieu and Jules Desharnais. 2005. Verification of Pushdown Systems Using Omega Algebra with Domain. In Relational Methods in Computer Science, 8th International Seminar on Relational Methods in Computer Science, 3rd International Workshop on Applications of Kleene Algebra, and Workshop of COST Action 274: TARSKI, St. Catharines, ON, Canada, February 22-26, 2005, Selected Revised Papers. 188–199.
  30. Laurent Mauborgne and Xavier Rival. 2005. Trace partitioning in abstract interpretation based static analyzers. In European Symposium on Programming. Springer, 5–20.
  31. Carroll Morgan. 1994. Programming from specifications. Prentice Hall.
  32. Joachim Nilsson. 2019. Merecat Embedded Web Server. Retrieved August 13, 2019 from https://troglobit.com/projects/merecat/
  33. Peter O'Hearn, John Reynolds, and Hongseok Yang. 2001. Local reasoning about programs that alter data structures. In International Workshop on Computer Science Logic. Springer, 1–19.
  34. Peter W. O'Hearn. 2018. Continuous Reasoning: Scaling the impact of formal methods. In Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2018, Oxford, UK, July 09-12, 2018. 13–25.
  35. Nimrod Partush and Eran Yahav. 2013. Abstract Semantic Differencing for Numerical Programs. In Static Analysis - 20th International Symposium, SAS 2013, Seattle, WA, USA, June 20-22, 2013, Proceedings. 238–258.
  36. Nimrod Partush and Eran Yahav. 2014. Abstract semantic differencing via speculative correlation. In Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications, OOPSLA 2014, part of SPLASH 2014, Portland, OR, USA, October 20-24, 2014. 811–828.
  37. Suzette Person, Matthew B. Dwyer, Sebastian G. Elbaum, and Corina S. Pasareanu. 2008. Differential symbolic execution. In Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2008, Atlanta, Georgia, USA, November 9-14, 2008. 226–237.
  38. Lauren Pick, Grigory Fedyukovich, and Aarti Gupta. 2018. Exploiting Synchrony and Symmetry in Relational Verification. In Computer Aided Verification - 30th International Conference, CAV 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 14-17, 2018, Proceedings, Part I. 164–182.
  39. Amir Pnueli, Michael Siegel, and Eli Singerman. 1998. Translation validation. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems. Springer, 151–166.
  40. Jef Poskanzer. 2018. thttpd HTTP server. Retrieved August 13, 2019 from http://www.acme.com/software/thttpd/
  41. Damien Pous. 2015a. Symbolic algorithms for language equivalence and Kleene algebra with tests. ACM SIGPLAN Notices 50, 1 (2015), 357–368.
  42. Damien Pous. 2015b. Symbolic Algorithms for Language Equivalence and Kleene Algebra with Tests. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2015, Mumbai, India, January 15-17, 2015. 357–368.
  43. Damien Pous. 2016. Symbolic Algorithms for Language Equivalence and Kleene Algebra with Tests. Retrieved August 13, 2019 from https://perso.ens-lyon.fr/damien.pous/symbolickat/
  44. Calvin Smith, Gabriel Ferns, and Aws Albarghouthi. 2017. Discovering relational specifications. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, September 4-8, 2017. 616–626.
  45. Marcelo Sousa and Isil Dillig. 2016. Cartesian Hoare logic for verifying k-safety properties. In ACM SIGPLAN Notices, Vol. 51. ACM, 57–69.
  46. Marcelo Sousa, Isil Dillig, and Shuvendu K. Lahiri. 2018. Verified three-way program merge. PACMPL 2, OOPSLA (2018), 165:1–165:29.
  47. Chungha Sung, Shuvendu K. Lahiri, Constantin Enea, and Chao Wang. 2018. Datalog-based scalable semantic diffing of concurrent programs. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ASE 2018, Montpellier, France, September 3-7, 2018. 656–666.
  48. Tachio Terauchi and Alex Aiken. 2005. Secure information flow as a safety problem. In SAS.
  49. Anna Trostanetski, Orna Grumberg, and Daniel Kroening. 2017. Modular Demand-Driven Analysis of Semantic Difference for Program Versions. In Static Analysis - 24th International Symposium, SAS 2017, New York, NY, USA, August 30 - September 1, 2017, Proceedings. 405–427.
  50. Hiroshi Unno, Sho Torii, and Hiroki Sakamoto. 2017. Automating Induction for Solving Horn Clauses. In Computer Aided Verification - 29th International Conference, CAV 2017, Heidelberg, Germany, July 24-28, 2017, Proceedings, Part II. 571–591.
  51. Yuepeng Wang, Isil Dillig, Shuvendu K. Lahiri, and William R. Cook. 2018. Verifying equivalence of database-driven applications. PACMPL 2, POPL (2018), 56:1–56:29.
  52. Tim Wood, Sophia Drossopoulou, Shuvendu K. Lahiri, and Susan Eisenbach. 2017. Modular Verification of Procedure Equivalence in the Presence of Memory Allocation. In Programming Languages and Systems - 26th European Symposium on Programming, ESOP 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings. 937–963.
  53. Eran Yahav, Thomas W. Reps, Shmuel Sagiv, and Reinhard Wilhelm. 2006. Verifying Temporal Heap Properties Specified via Evolution Logic. Logic Journal of the IGPL 14, 5 (2006), 755–783.
  54. Hongseok Yang. 2007. Relational separation logic. Theor. Comput. Sci. 375, 1-3 (2007), 308–334.
