Modular Verification of Procedure Equivalence in the Presence of Memory Allocation

  • Tim Wood
  • Sophia Drossopolou
  • Shuvendu K. Lahiri
  • Susan Eisenbach
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10201)

Abstract

For most high level languages, two procedures are equivalent if they transform a pair of isomorphic stores to isomorphic stores. However, tools for modular checking of such equivalence impose a stronger check where isomorphism is strengthened to equality of stores. This results in the inability to prove many interesting program pairs with recursion and dynamic memory allocation.

In this work, we present RIE, a methodology to modularly establish equivalence of procedures in the presence of memory allocation, cyclic data structures and recursion. Our technique addresses the need for finding witnesses to isomorphism with angelic allocation, supports reasoning about equivalent procedures calls when the stores are only locally isomorphic, and reasoning about changes in the order of procedure calls. We have implemented RIE by encoding it in the Boogie program verifier. We describe the encoding and prove its soundness.

Keywords

Program equivalence Program verification Version-aware verification 

References

  1. 1.
    Banerjee, A., Schmidt, D.A., Nikouei, M.: Relational logic with framing and hypotheses. In: FSTTCS (2016)Google Scholar
  2. 2.
    de Barker, J.W.: Axiomatics of simple assignment statements. In: MR 94 (1968)Google Scholar
  3. 3.
    Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: a modular reusable verifier for object-oriented programs. In: Boer, F.S., Bonsangue, M.M., Graf, S., Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006). doi:10.1007/11804192_17 CrossRefGoogle Scholar
  4. 4.
    Barthe, G., Crespo, J.M., Kunz, C.: Beyond 2-safety: asymmetric product programs for relational program verification. In: Artemov, S., Nerode, A. (eds.) LFCS 2013. LNCS, vol. 7734, pp. 29–43. Springer, Heidelberg (2013). doi:10.1007/978-3-642-35722-0_3 CrossRefGoogle Scholar
  5. 5.
    Barthe, G., Crespo, J.M., Kunz, C.: Product programs and relational program logics. J. Logical Algebraic Methods Program. 85(5), 847–859 (2016)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Barthe, G., Crespo, J.M., Kunz, C.: Relational verification using product programs. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 200–214. Springer, Heidelberg (2011). doi:10.1007/978-3-642-21437-0_17 CrossRefGoogle Scholar
  7. 7.
    Barthe, G., D’Argenio, P.R., Rezk, T.: Secure information flow by self-composition. In: Proceedings of the 17th IEEE Workshop on Computer Security Foundations. IEEE Computer Society (2004)Google Scholar
  8. 8.
    Bavota, G., et al.: When does a refactoring induce bugs? An empirical study. In: 2012 IEEE 12th International Working Conference on Source Code Analysis and Manipulation (SCAM). IEEE (2012)Google Scholar
  9. 9.
    Benton, N.: Abstracting allocation. In: Ésik, Z. (ed.) CSL 2006. LNCS, vol. 4207, pp. 182–196. Springer, Heidelberg (2006). doi:10.1007/11874683_12 CrossRefGoogle Scholar
  10. 10.
    Benton, N.: Simple relational correctness proofs for static analyses and program transformations. In: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM (2004)Google Scholar
  11. 11.
    Benton, N., et al.: Relational semantics for effect-based program transformations with dynamic allocation. In: Proceedings of the 9th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming. ACM (2007)Google Scholar
  12. 12.
    Beringer, L.: Relational decomposition. In: Eekelen, M., Geuvers, H., Schmaltz, J., Wiedijk, F. (eds.) ITP 2011. LNCS, vol. 6898, pp. 39–54. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22863-6_6 CrossRefGoogle Scholar
  13. 13.
    Bozga, M., Iosif, R., Laknech, Y.: Storeless semantics and alias logic. In: Proceedings of the 2003 ACM SIGPLAN Workshop on Partial Evaluation and Semantics-based Program Manipulation, PEPM 2003, San Diego, California, USA. ACM (2003)Google Scholar
  14. 14.
    Clarke, E., Kroening, D., Yorav, K.: Behavioral consistency of C and verilog programs using bounded model checking. In: 2003 Proceedings of the Design Automation Conference. IEEE (2003)Google Scholar
  15. 15.
    Dahl, O.J., Dijkstra, E.W., Hoare, C.A.R.: Structured Programming. Academic Press Ltd., Cambridge (1972)MATHGoogle Scholar
  16. 16.
    Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78800-3_24 CrossRefGoogle Scholar
  17. 17.
    Detlefs, D., Nelson, G., Saxe, J.B.: Simplify: a theorem prover for program checking. J. ACM 52(3), 365–473 (2005)MathSciNetCrossRefMATHGoogle Scholar
  18. 18.
    Elenbogen, D., Katz, S., Strichman, O.: Proving mutual termination. Form. Methods Syst. Des. 47(2), 204–229 (2015)CrossRefMATHGoogle Scholar
  19. 19.
    Felsing, D., et al.: Automating regression verification. In: Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering, ASE 2014. ACM (2014)Google Scholar
  20. 20.
    Godlin, B., Strichman, O.: Inference rules for proving the equivalence of recursive procedures. Acta Informatica 45(6), 403–439 (2008)MathSciNetCrossRefMATHGoogle Scholar
  21. 21.
    Godlin, B., Strichman, O.: Regression verification. In: Proceedings of the 46th Annual Design Automation Conference. ACM (2009)Google Scholar
  22. 22.
    Hawblitzel, C., Kawaguchi, M., Lahiri, S.K., Rebêlo, H.: Towards modularly comparing programs using automated theorem provers. In: Bonacina, M.P. (ed.) CADE 2013. LNCS (LNAI), vol. 7898, pp. 282–299. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38574-2_20 CrossRefGoogle Scholar
  23. 23.
    Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580 (1969)CrossRefMATHGoogle Scholar
  24. 24.
    Igarishi, S.: An axiomatic approach to equivalence problems of algorithms with applications. Ph.D. thesis (1964)Google Scholar
  25. 25.
    Joshi, R., Leino, K.R.M.: A semantic approach to secure information flow. Sci. Comput. Program. 37, 1–3 (2000)MathSciNetCrossRefMATHGoogle Scholar
  26. 26.
    Kawaguchi, M., Lahiri, S.K., Rebêlo, H.: Conditional equivalence. Technical report MSR-TR-2010-119. Microsoft, October 2010Google Scholar
  27. 27.
    Koutavas, V., Wand, M.: Small bisimulations for reasoning about higher-order imperative programs. In: Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM (2006)Google Scholar
  28. 28.
    Kundu, S., Tatlock, Z., Lerner, S.: Proving optimizations correct using parameterized program equivalence. In: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM (2009)Google Scholar
  29. 29.
    Lahiri, S.K., Hawblitzel, C., Kawaguchi, M., Rebêlo, H.: SYMDIFF: a language-agnostic semantic diff tool for imperative programs. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 712–717. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31424-7_54 CrossRefGoogle Scholar
  30. 30.
    Lahiri, S., et al.: Differential assertion checking. In: Foundations of Software Engineering. ACM (2013)Google Scholar
  31. 31.
    Le, V., Afshari, M., Su, Z.: Compiler validation via equivalence modulo inputs’. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2014. ACM (2014)Google Scholar
  32. 32.
    Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR 2010. LNCS (LNAI), vol. 6355, pp. 348–370. Springer, Heidelberg (2010). doi:10.1007/978-3-642-17511-4_20 CrossRefGoogle Scholar
  33. 33.
    Leino, K.R.M., Müller, P.: Verification of equivalent-results methods. In: Drossopoulou, S. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 307–321. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78739-6_24 CrossRefGoogle Scholar
  34. 34.
    Milner, R.: Fully abstract models of typed \(\lambda \)-calculi. Theor. Comput. Sci. 4(1), 1–22 (1977)MathSciNetCrossRefMATHGoogle Scholar
  35. 35.
    Park, J., et al.: An empirical study of supplementary bug fixes. In: 2012 9th IEEE Working Conference on Mining Software Repositories (MSR) (2012)Google Scholar
  36. 36.
    Partush, N., Yahav, E.: Abstract semantic differencing via speculative correlation. In: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications. ACM (2014)Google Scholar
  37. 37.
    Pitts, A.M.: Operational semantics and program equivalence. In: Barthe, G., Dybjer, P., Pinto, L., Saraiva, J. (eds.) APPSEM 2000. LNCS, vol. 2395, pp. 378–412. Springer, Heidelberg (2002). doi:10.1007/3-540-45699-6_8 CrossRefGoogle Scholar
  38. 38.
    Stepp, M., Tate, R., Lerner, S.: Equality-based translation validator for LLVM. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 737–742. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22110-1_59 CrossRefGoogle Scholar
  39. 39.
    Strichman, O., Veitsman, M.: Regression verification for unbalanced recursive functions. In: Fitzgerald, J., Heitmeyer, C., Gnesi, S., Philippou, A. (eds.) FM 2016. LNCS, vol. 9995, pp. 645–658. Springer, Heidelberg (2016). doi:10.1007/978-3-319-48989-6_39 CrossRefGoogle Scholar
  40. 40.
    Tennent, R.D., Ghica, D.R.: Abstract models of storage. High.-Order Symbolic Comput. 13(1), 119–129 (2000)CrossRefMATHGoogle Scholar
  41. 41.
    Terauchi, T., Aiken, A.: Secure information flow as a safety problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352–367. Springer, Heidelberg (2005). doi:10.1007/11547662_24 CrossRefGoogle Scholar
  42. 42.
    Tristan, J.-B., Govereau, P., Morrisett, G.: Evaluating value-graph translation validation for LLVM. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM (2011)Google Scholar
  43. 43.
    Tzevelekos, N.: Program equivalence in a simple language with state. Comput. Lang. Syst. Struct. 38(2), 181–198 (2012)MATHGoogle Scholar
  44. 44.
    Wood, T.: Equivalence verification for memory allocating procedures. Ph.D. thesis, Imperial College London, Under SubmissionGoogle Scholar
  45. 45.
    Yang, H.: Relational separation logic. Theor. Comput. Sci. 375, 1–3 (2007)MathSciNetCrossRefMATHGoogle Scholar
  46. 46.
    Yanov, Y.: Logical operator schemes. In: Kybernetilca I (1958)Google Scholar
  47. 47.
    Zaks, A., Pnueli, A.: CoVaC: compiler validation by program analysis of the cross-product. In: Cuellar, J., Maibaum, T., Sere, K. (eds.) FM 2008. LNCS, vol. 5014, pp. 35–51. Springer, Heidelberg (2008). doi:10.1007/978-3-540-68237-0_5 CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  • Tim Wood
    • 1
  • Sophia Drossopolou
    • 1
  • Shuvendu K. Lahiri
    • 2
  • Susan Eisenbach
    • 1
  1. 1.Imperial College LondonLondonUK
  2. 2.Microsoft ResearchRedmondUSA

Personalised recommendations