research-article
Open Access

Proving hypersafety compositionally

Published: 31 October 2022

Abstract

Hypersafety properties of arity n are program properties that relate n traces of a program (or, more generally, traces of n programs). Classic examples include determinism, idempotence, and associativity. A number of relational program logics have been introduced to target this class of properties. Their aim is to construct simpler proofs by capitalizing on structural similarities between the n related programs. We propose an unexplored, complementary proof principle that establishes hyper-triples (i.e. hypersafety judgments) as a unifying compositional building block for proofs, and we use it to develop a Logic for Hyper-triple Composition (LHC), which supports forms of proof compositionality that were not achievable in previous logics. We prove LHC sound and apply it to a number of challenging examples.
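The judgments the abstract describes, as an added example that is not the paper's code: a small Python harness that states hyper-triples {P} (c_1, ..., c_n) {Q} over plain functions and checks them on a finite input domain by self-composition, i.e. running the n copies side by side and evaluating the relational pre- and postcondition. The paper's contribution is a proof system for composing such triples; this harness only illustrates their shape and why arity matters (determinism and idempotence relate two runs, transitivity three). All programs, relations and input domains are constructed for illustration. Noninterference is included as the standard security instance of a 2-safety property, although the abstract itself does not list it.

```python
"""Hyper-triples checked by bounded self-composition (added example, not from the paper).

A hyper-triple {P} (c_1,...,c_n) {Q} asserts: if n runs of c_1..c_n start from
inputs related by P, their outputs are related by Q.  Programs here are Python
functions; a triple is checked on a finite domain by running the n copies side
by side.  This is a test, not the paper's proof rules.
"""
from dataclasses import dataclass
from itertools import product
from typing import Any, Callable, Sequence

Program = Callable[[Any], Any]
Relation = Callable[[Sequence[Any]], bool]   # predicate over n states


@dataclass(frozen=True)
class HyperTriple:
    pre: Relation                  # P: relation over the n initial states
    programs: Sequence[Program]    # c_1 .. c_n (need not be the same program)
    post: Relation                 # Q: relation over the n final states

    @property
    def arity(self) -> int:
        return len(self.programs)


def counterexamples(triple: HyperTriple, domain, limit: int = 5):
    """Up to `limit` input n-tuples that satisfy pre but whose outputs violate post."""
    found = []
    for ins in product(list(domain), repeat=triple.arity):
        if not triple.pre(ins):
            continue
        outs = tuple(c(x) for c, x in zip(triple.programs, ins))
        if not triple.post(outs):
            found.append((ins, outs))
            if len(found) >= limit:
                break
    return found


def holds(triple: HyperTriple, domain) -> bool:
    return not counterexamples(triple, domain, limit=1)


def all_equal(xs: Sequence[Any]) -> bool:
    return all(x == xs[0] for x in xs)


# --- the abstract's examples, phrased as hyper-triples ---------------------

def determinism(f: Program) -> HyperTriple:
    """2-safety: equal inputs to two runs of f give equal outputs."""
    return HyperTriple(all_equal, (f, f), all_equal)


def idempotence(f: Program) -> HyperTriple:
    """2-safety over two different programs: f and f;f agree on equal inputs."""
    return HyperTriple(all_equal, (f, lambda x: f(f(x))), all_equal)


def associativity(op: Callable[[Any, Any], Any]) -> HyperTriple:
    """2-safety over the two bracketings; each input is an (a, b, c) triple."""
    left = lambda t: op(op(t[0], t[1]), t[2])
    right = lambda t: op(t[0], op(t[1], t[2]))
    return HyperTriple(all_equal, (left, right), all_equal)


def transitivity(rel: Callable[[Any], bool]) -> HyperTriple:
    """3-safety: runs on (a,b), (b,c), (a,c); if the first two hold, the third must."""
    def chained(ins):
        (a, b), (b2, c), (a2, c2) = ins
        return a == a2 and b == b2 and c == c2
    def implies(outs):
        return not (outs[0] and outs[1]) or outs[2]
    return HyperTriple(chained, (rel, rel, rel), implies)


def noninterference(f: Program) -> HyperTriple:
    """2-safety, the classic security instance: inputs are (secret, public)
    pairs; equal public inputs must yield equal outputs."""
    low_equal = lambda ins: ins[0][1] == ins[1][1]
    return HyperTriple(low_equal, (f, f), all_equal)


# --- constructed sample programs (hypothetical, for illustration) ----------

def clamp(x):                       # deterministic and idempotent
    return max(0, min(x, 10))

def make_stateful():                # hidden state makes the result run-dependent
    calls = [0]
    def f(x):
        calls[0] += 1
        return x + calls[0] % 2
    return f

def safe(s):                        # output depends on the public part only
    secret, public = s
    return public * 2

def leaky(s):                       # one bit of the secret reaches the output
    secret, public = s
    return public + (1 if secret > 5 else 0)


if __name__ == "__main__":
    add = lambda a, b: a + b
    print("clamp deterministic:", holds(determinism(clamp), range(-5, 15)))
    print("stateful deterministic:", holds(determinism(make_stateful()), range(3)))
    print("float + associative:", holds(associativity(add), [(0.1, 0.2, 0.3)]))
    print("leaky counterexample:", counterexamples(noninterference(leaky),
          [(s, p) for s in range(10) for p in range(3)], limit=1))
```

The float-addition and leaky-program cases are the ones worth looking at: both pass any single-run (1-safety) check and are only refuted by relating two runs, which is exactly why these properties need hyper-triples rather than ordinary Hoare triples.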

