Abstract
Enabling Hoare-style reasoning for low-level code is attractive since it opens the way to regain structure and modularity in a domain where structure is essentially absent. The field, however, has not yet arrived at a fully satisfactory solution, in the sense of avoiding restrictions on control flow (important for compiler optimization), controlling access to intermediate program points (important for modularity), and supporting total correctness. Proposals in the literature support some of these properties, but a solution that meets them all is yet to be found. We introduce the novel Hoare-style program logic \(\mathcal {L}_A\), which interprets postconditions relative to program points when these are first encountered. The logic can support both partial and total correctness, derive contracts for arbitrary control flow, and allows one to freely choose a decomposition strategy during verification while avoiding step-indexed approximations and global invariants. The logic can be instantiated for a variety of concrete instruction set architectures and intermediate languages. The rules of \(\mathcal {L}_A\) have been verified in the interactive theorem prover HOL4 and integrated with the toolbox HolBA for semi-automated program verification, making it applicable to the ARMv6 and ARMv8 instruction sets.
This work has been supported by the TrustFull project financed by the Swedish Foundation for Strategic Research and the KTH CERCES Center for Resilient Critical Infrastructures financed by the Swedish Civil Contingencies Agency.
Notes
1. The HolBA GitHub repository is located at https://github.com/kth-step/HolBA and our \(\mathcal {L}_A\) implementation for this paper is available at the commit tagged SEFM2020 in the directory src/theory/abstract_hoare_logic.
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Lundberg, D., Guanciale, R., Lindner, A., Dam, M. (2020). Hoare-Style Logic for Unstructured Programs. In: de Boer, F., Cerone, A. (eds) Software Engineering and Formal Methods. SEFM 2020. Lecture Notes in Computer Science, vol. 12310. Springer, Cham. https://doi.org/10.1007/978-3-030-58768-0_11
DOI: https://doi.org/10.1007/978-3-030-58768-0_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58767-3
Online ISBN: 978-3-030-58768-0