Abstract
The use of function contracts to specify the behavior of functions often remains limited to the scope of a single function call. Relational properties link several function calls together within a single specification. They can express more advanced properties of a given function, such as non-interference, continuity, or monotonicity. They can also relate calls to different functions, for instance, to show that an optimized implementation is equivalent to its original counterpart. However, relational properties cannot be expressed and verified directly in the traditional setting of modular deductive verification. Self-composition has been proposed to overcome this limitation, but it requires complex transformations and additional separation hypotheses for real-life languages with pointers. We propose a novel approach that is not based on code transformation and avoids those drawbacks. It directly applies a verification condition generator to produce logical formulas that must be verified to ensure a given relational property. The approach has been fully formalized and proved sound in the Coq proof assistant.
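To make the distinction between a function contract and a relational property concrete, here is an added example that is not code from the paper or from its Coq development. It expresses three of the properties the abstract names (non-interference, monotonicity, and equivalence of an optimized implementation with its reference) as checks that relate the results of several calls, which is exactly what a single pre/postcondition pair cannot state. The functions and inputs are constructed for illustration, and the checker is a plain test-time evaluator, not a verification condition generator.

```python
"""Relational properties as checks over several calls (constructed example).

A function contract constrains one call: under its precondition, its
postcondition holds for that call's result. A relational property relates
the results of several calls (of the same or of different functions), so it
cannot be stated as a single pre/postcondition pair. The checker below
evaluates such properties over constructed inputs; it illustrates the notion
and does not generate verification conditions.
"""
from typing import Any, Callable, Optional, Sequence, Tuple

Run = Tuple[Any, ...]          # the argument tuple of one call
Relation = Callable[[Sequence[Run], Sequence[Any]], bool]


def check_relation(calls: Sequence[Callable[..., Any]],
                   relation: Relation,
                   arg_tuples: Sequence[Sequence[Run]]) -> Optional[Tuple[Run, ...]]:
    """Invoke calls[i] with args[i] for each entry of arg_tuples and require
    relation(args, results) to hold. Returns the first violating argument
    tuple (a counterexample), or None if the relation held everywhere."""
    for args in arg_tuples:
        results = [f(*a) for f, a in zip(calls, args)]
        if not relation(args, results):
            return tuple(args)
    return None


# --- three relational properties named in the abstract, as instances -------

def non_interference(f, public_inputs, secret_inputs):
    """Two runs with the same public input and any two secret inputs must
    agree on the result: the output then carries no information about the
    secret argument."""
    pairs = [((p, s1), (p, s2))
             for p in public_inputs for s1 in secret_inputs for s2 in secret_inputs]
    return check_relation([f, f], lambda args, res: res[0] == res[1], pairs)


def monotonic(f, inputs):
    """For x <= y, two runs must satisfy f(x) <= f(y)."""
    pairs = [((x,), (y,)) for x in inputs for y in inputs if x <= y]
    return check_relation([f, f], lambda args, res: res[0] <= res[1], pairs)


def equivalent(f, g, inputs):
    """One run of each function on the same input must give equal results."""
    pairs = [((x,), (x,)) for x in inputs]
    return check_relation([f, g], lambda args, res: res[0] == res[1], pairs)


# --- constructed functions to check (hypothetical, for illustration) -------

def greeting(username: str, password_hash: str) -> str:
    """Depends only on the public argument."""
    return f"Welcome, {username}"


def greeting_with_hint(username: str, password_hash: str) -> str:
    """Also depends on the secret argument, so it violates non-interference."""
    return f"Welcome, {username} ({len(password_hash)}-char hash on file)"


def bucket(x: int) -> int:
    """Monotone in x."""
    return x // 10


def clamp_sum(xs: Sequence[int]) -> int:
    """Reference implementation: sum clamped to [0, 100]."""
    return max(0, min(100, sum(xs)))


def clamp_sum_fast(xs: Sequence[int]) -> int:
    """'Optimized' variant that exits early once the upper clamp is reached.
    The early exit ignores later negative elements, so it is not equivalent
    to clamp_sum; the equivalence check below finds the counterexample."""
    total = 0
    for x in xs:
        total += x
        if total >= 100:
            return 100
    return max(0, total)


if __name__ == "__main__":
    print(non_interference(greeting, ["alice"], ["h1", "hash22"]))
    print(non_interference(greeting_with_hint, ["alice"], ["h1", "hash22"]))
    print(monotonic(bucket, range(-5, 15)))
    print(equivalent(clamp_sum, clamp_sum_fast, [[], [1, 2], [150, -100]]))
```

Each property is phrased as a relation between the argument tuples and results of two calls; the checker only searches the constructed inputs, whereas the approach the abstract describes discharges the same relation for all inputs by proof, which is what makes the absence of a counterexample a guarantee rather than an observation.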
Part of this work was funded by the AESC project supported by the Ministry of Science, Research and Arts Baden-Württemberg (Ref: 33-7533.-9-10/20/1).
Notes
1. Termination can be assumed (partial correctness) or proved separately (full correctness) in a well-known way [15]; for the purpose of this paper we can assume it.
2. The Coq development is at https://github.com/lyonel2017/Relational-Spec, where the version corresponding to this paper is tagged iFM2022.
3.
References
Apt, K., de Boer, F., Olderog, E.: Verification of Sequential and Concurrent Programs. Texts in Computer Science, Springer, London (2009). https://doi.org/10.1007/978-1-84882-745-5
Barthe, G., Crespo, J.M., Kunz, C.: Relational verification using product programs. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 200–214. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21437-0_17
Barthe, G., D’Argenio, P.R., Rezk, T.: Secure information flow by self-composition. J. Math. Struct. Comput. Sci. 21(6), 1207–1252 (2011). https://doi.org/10.1017/S0960129511000193
Baudin, P., et al.: ACSL: ANSI/ISO C Specification Language (2021). https://frama-c.com/html/acsl.html
Beckert, B., Bormer, T., Kirsten, M., Neuber, T., Ulbrich, M.: Automated verification for functional and relational properties of voting rules. In: Proceedings of the 6th International Workshop on Computational Social Choice (COMSOC 2016) (2016)
Benton, N.: Simple relational correctness proofs for static analyses and program transformations. In: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2004), pp. 14–25. ACM (2004). https://doi.org/10.1145/964001.964003
Beringer, L., Appel, A.W.: Abstraction and subsumption in modular verification of C programs. In: ter Beek, M.H., McIver, A., Oliveira, J.N. (eds.) FM 2019. LNCS, vol. 11800, pp. 573–590. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30942-8_34
Bishop, P.G., Bloomfield, R.E., Cyra, L.: Combining testing and proof to gain high assurance in software: a case study. In: Proceedings of the 24th International Symposium on Software Reliability Engineering (ISSRE 2013), pp. 248–257. IEEE (2013). https://doi.org/10.1109/ISSRE.2013.6698924
Blatter, L., Kosmatov, N., Le Gall, P., Prevosto, V.: RPP: automatic proof of relational properties by self-composition. In: Legay, A., Margaria, T. (eds.) TACAS 2017. LNCS, vol. 10205, pp. 391–397. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54577-5_22
Blatter, L., Kosmatov, N., Le Gall, P., Prevosto, V., Petiot, G.: Static and dynamic verification of relational properties on self-composed C code. In: Dubois, C., Wolff, B. (eds.) TAP 2018. LNCS, vol. 10889, pp. 44–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92994-1_3
Blazy, S., Maroneze, A., Pichardie, D.: Verified validation of program slicing. In: Proceedings of the 2015 Conference on Certified Programs and Proofs (CPP 2015), pp. 109–117. ACM (2015). https://doi.org/10.1145/2676724.2693169
Dufay, G., Felty, A., Matwin, S.: Privacy-sensitive information flow with JML. In: Nieuwenhuis, R. (ed.) CADE 2005. LNCS (LNAI), vol. 3632, pp. 116–130. Springer, Heidelberg (2005). https://doi.org/10.1007/11532231_9
Eilers, M., Müller, P., Hitz, S.: Modular product programs. In: Ahmed, A. (ed.) ESOP 2018. LNCS, vol. 10801, pp. 502–529. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89884-1_18
Flanagan, C., Saxe, J.B.: Avoiding exponential explosion: generating compact verification conditions. In: Proceedings of the 28th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2001), pp. 193–205. ACM (2001). https://doi.org/10.1145/360204.360220
Floyd, R.W.: Assigning meanings to programs. In: Proceedings of Symposia in Applied Mathematics. Mathematical Aspects of Computer Science, vol. 19, pp. 19–32 (1967). https://doi.org/10.1090/psapm/019/0235771
Hawblitzel, C., Kawaguchi, M., Lahiri, S.K., Rebêlo, H.: Towards modularly comparing programs using automated theorem provers. In: Bonacina, M.P. (ed.) CADE 2013. LNCS (LNAI), vol. 7898, pp. 282–299. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38574-2_20
Herms, P.: Certification of a tool chain for deductive program verification. Ph.D. thesis, Université Paris Sud - Paris XI, January 2013. https://tel.archives-ouvertes.fr/tel-00789543
Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580 (1969). https://doi.org/10.1145/363235.363259
Jourdan, J., Laporte, V., Blazy, S., Leroy, X., Pichardie, D.: A formally-verified C static analyzer. In: Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2015), pp. 247–259. ACM (2015). https://doi.org/10.1145/2676726.2676966
Jung, R., Krebbers, R., Jourdan, J., Bizjak, A., Birkedal, L., Dreyer, D.: Iris from the ground up: a modular foundation for higher-order concurrent separation logic. J. Funct. Program. 28, e20 (2018). https://doi.org/10.1017/S0956796818000151
Kiefer, M., Klebanov, V., Ulbrich, M.: Relational program reasoning using compiler IR. J. Autom. Reason. 60(3), 337–363 (2017). https://doi.org/10.1007/s10817-017-9433-5
Irvine, K.R.: Assembly Language for x86 Processors, 7th edn. Prentice Hall Press, Upper Saddle River (2014)
Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. Formal Aspects Comput. 27(3), 573–609 (2015). https://doi.org/10.1007/s00165-014-0326-7
Krebbers, R., Leroy, X., Wiedijk, F.: Formal C semantics: CompCert and the C standard. In: Klein, G., Gamboa, R. (eds.) ITP 2014. LNCS, vol. 8558, pp. 543–548. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08970-6_36
Leroy, X., Blazy, S.: Formal verification of a C-like memory model and its uses for verifying program transformations. J. Autom. Reason. 41(1), 1–31 (2008). https://doi.org/10.1007/s10817-008-9099-0
Maillard, K., Hritcu, C., Rivas, E., Van Muylder, A.: The next 700 relational program logics. In: Proceedings of the 47th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2020), vol. 4, pp. 4:1–4:33 (2020). https://doi.org/10.1145/3371072
Naumann, D.A.: Thirty-seven years of relational Hoare logic: remarks on its principles and history. In: Margaria, T., Steffen, B. (eds.) ISoLA 2020. LNCS, vol. 12477, pp. 93–116. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-61470-6_7
Parthasarathy, G., Müller, P., Summers, A.J.: Formally validating a practical verification condition generator. In: Silva, A., Leino, K.R.M. (eds.) CAV 2021. LNCS, vol. 12760, pp. 704–727. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81688-9_33
Pierce, B.C., et al.: Logical Foundations. Software Foundations series, vol. 1, Electronic Textbook (2018). http://www.cis.upenn.edu/~bcpierce/sf
Scheben, C., Schmitt, P.H.: Efficient self-composition for weakest precondition calculi. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 579–594. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06410-9_39
Shemer, R., Gurfinkel, A., Shoham, S., Vizel, Y.: Property directed self composition. In: Dillig, I., Tasiran, S. (eds.) CAV 2019. LNCS, vol. 11561, pp. 161–179. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25540-4_9
Sousa, M., Dillig, I.: Cartesian Hoare logic for verifying k-safety properties. In: Proceedings of the 37th Conference on Programming Language Design and Implementation (PLDI 2016), pp. 57–69. ACM (2016). https://doi.org/10.1145/2908080.2908092
The Coq Development Team: The Coq Proof Assistant (2021). https://coq.inria.fr/
Unno, H., Terauchi, T., Koskinen, E.: Constraint-based relational verification. In: Silva, A., Leino, K.R.M. (eds.) CAV 2021. LNCS, vol. 12759, pp. 742–766. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81685-8_35
Wils, S., Jacobs, B.: Certifying C program correctness with respect to CompCert with VeriFast. CoRR abs/2110.11034 (2021). https://arxiv.org/abs/2110.11034
Winskel, G.: The Formal Semantics of Programming Languages - An Introduction. Foundation of Computing Series, MIT Press, Cambridge (1993)
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Blatter, L., Kosmatov, N., Prevosto, V., Le Gall, P. (2022). Certified Verification of Relational Properties. In: ter Beek, M.H., Monahan, R. (eds) Integrated Formal Methods. IFM 2022. Lecture Notes in Computer Science, vol 13274. Springer, Cham. https://doi.org/10.1007/978-3-031-07727-2_6
DOI: https://doi.org/10.1007/978-3-031-07727-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-07726-5
Online ISBN: 978-3-031-07727-2
eBook Packages: Computer Science, Computer Science (R0)