Abstract
Hypersafety properties of arity n are program properties that relate n traces of a program (or, more generally, traces of n programs). Classic examples include determinism, idempotence, and associativity. A number of relational program logics have been introduced to target this class of properties. Their aim is to construct simpler proofs by capitalizing on structural similarities between the n related programs. We propose an unexplored, complementary proof principle that establishes hyper-triples (i.e. hypersafety judgments) as a unifying compositional building block for proofs, and we use it to develop a Logic for Hyper-triple Composition (LHC), which supports forms of proof compositionality that were not achievable in previous logics. We prove LHC sound and apply it to a number of challenging examples.
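A hypersafety property of arity n, in the sense of the abstract, is a relation over n runs rather than a predicate on a single run, so it cannot be checked one execution at a time. The following added example (not code from the paper or its authors; the harness `check_hyper`, the property checkers, the sample programs and the input domains are all assumptions made for illustration) encodes the abstract's three classic examples, plus noninterference and comparator transitivity from the relational-verification literature, as relational pre- and postconditions over n runs, and checks them with the naive product construction over a finite input domain:

```python
"""Hypersafety properties as relations over n program runs.

Added illustration, not code from the paper. `check_hyper` is the naive
product construction: run n programs on every n-tuple of inputs from a
finite domain that satisfies a relational precondition, then evaluate a
relational postcondition over the n (input, output) pairs. It returns the
first violating tuple, or None when the hyperproperty holds on the domain.
"""
from itertools import product


def check_hyper(programs, domain, pre, post):
    """programs: n callables (n copies of one program, or n different ones).
    pre(inputs) and post(inputs, outputs) are relations over the n traces."""
    n = len(programs)
    for inputs in product(domain, repeat=n):
        if not pre(inputs):
            continue
        outputs = tuple(p(x) for p, x in zip(programs, inputs))
        if not post(inputs, outputs):
            return inputs, outputs      # counterexample to the hyperproperty
    return None


def equal_inputs(xs):
    return all(x == xs[0] for x in xs)


def equal_outputs(_xs, ys):
    return all(y == ys[0] for y in ys)


# Property checkers; the arity is the number of traces being related.

def determinism(f, domain):
    """2-safety: two runs of f on equal inputs must agree."""
    return check_hyper((f, f), domain, equal_inputs, equal_outputs)


def idempotence(f, domain):
    """2-safety: f(x) must agree with f(f(x))."""
    return check_hyper((f, lambda x: f(f(x))), domain, equal_inputs, equal_outputs)


def associativity(left, right, domain):
    """2-safety over two programs: (a op b) op c versus a op (b op c)."""
    return check_hyper((left, right), domain, equal_inputs, equal_outputs)


def noninterference(f, domain):
    """2-safety: equal public inputs must give equal outputs, whatever the
    secrets (the self-composition formulation of secure information flow)."""
    def same_public(xs):
        return xs[0][0] == xs[1][0]
    return check_hyper((f, f), domain, same_public, equal_outputs)


def transitivity(cmp, domain):
    """3-safety: runs on (a,b), (b,c), (a,c); a<=b and b<=c must imply a<=c."""
    def pre(xs):
        (a1, b1), (b2, c2), (a3, c3) = xs
        return b1 == b2 and a1 == a3 and c2 == c3

    def post(_xs, ys):
        return not (ys[0] <= 0 and ys[1] <= 0) or ys[2] <= 0
    return check_hyper((cmp, cmp, cmp), domain, pre, post)


# Constructed sample programs and input domains (assumptions for the example).

def strip_slashes(path):
    return path.rstrip("/")

_calls = 0
def counted(x):                      # hidden state breaks determinism
    global _calls
    _calls += 1
    return x + _calls

def sum_left(t):
    a, b, c = t
    return (a + b) + c

def sum_right(t):
    a, b, c = t
    return a + (b + c)

def secure_service(req):             # output depends on the public part only
    pub, _secret = req
    return pub * 2

def leaky_service(req):              # output leaks one bit of the secret
    pub, secret = req
    return pub * 2 + (1 if secret > 0 else 0)

def cmp_ok(pair):
    a, b = pair
    return (a > b) - (a < b)

def cmp_cyclic(pair):                # 0 < 1 < 2 < 0: not transitive
    a, b = pair
    d = (a - b) % 3
    return 0 if d == 0 else (1 if d == 1 else -1)

PATHS = ["a", "a/", "a//", "/a/b/"]
INTS = [0, 1, 2]
INTS3 = list(product(INTS, repeat=3))
FLOATS3 = list(product([0.1, 0.2, 0.3], repeat=3))
PAIRS = list(product(INTS, repeat=2))
REQS = [(pub, sec) for pub in (1, 2) for sec in (0, 5)]   # (public, secret)
```

Running `associativity(sum_left, sum_right, FLOATS3)` returns a counterexample (floating-point addition is not associative) while the same check over `INTS3` returns None; `determinism(counted, INTS)` and `noninterference(leaky_service, REQS)` likewise return violating pairs, and `transitivity(cmp_cyclic, PAIRS)` a violating triple. The exhaustive product over domain^n is the cost the abstract's relational logics are designed to avoid: a proof in such a logic reasons about the n related programs structurally instead of enumerating their joint state space, which is also why it scales to infinite domains where this brute-force check does not.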
Index Terms
Proving hypersafety compositionally