Verified Symbolic Execution with Kripke Specification Monads (and No Meta-programming)

被引:9
作者
Keuchel, Steven [1 ]
Huyghebaert, Sander [1 ]
Lukyanov, Georgy [2 ]
Devriese, Dominique [3 ]
机构
[1] Vrije Univ Brussel, Brussels, Belgium
[2] Newcastle Univ, Newcastle Upon Tyne, Tyne & Wear, England
[3] Katholieke Univ Leuven, Leuven, Belgium
来源
PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL | 2022年 / 6卷 / ICFP期
基金
欧洲研究理事会; 比利时弗兰德研究基金会;
关键词
program verification; symbolic execution; predicate transformers; separation logic; refinement; logical relations; VERIFICATION;
D O I
10.1145/3547628
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
Verifying soundness of symbolic execution-based program verifiers is a significant challenge. This is especially true if the resulting tool needs to be usable outside of the proof assistant, in which case we cannot rely on shallowly embedded assertion logics and meta-programming. The tool needs to manipulate deeply embedded assertions, and it is crucial for efficiency to eagerly prune unreachable paths and simplify intermediate assertions in a way that can be justified towards the soundness proof. Only a few such tools exist in the literature, and their soundness proofs are intricate and hard to generalize or reuse. We contribute a novel, systematic approach for the construction and soundness proof of such a symbolic execution-based verifier. We first implement a shallow verification condition generator as an object language interpreter in a specification monad, using an abstract interface featuring angelic and demonic nondeterminism. Next, we build a symbolic executor by implementing a similar interpreter, in a symbolic specification monad. This symbolic monad lives in a universe that is Kripke-indexed by variables in scope and a path condition. Finally, we reduce the soundness of the symbolic execution to the soundness of the shallow execution by relating both executors using a Kripke logical relation. We report on the practical application of these techniques in KATAMARAN, a tool for verifying security guarantees offered by instruction set architectures (ISAs). The tool is fully verified by combining our symbolic execution machinery with a soundness proof of the shallow verification conditions against an axiomatized separation logic, and an Iris-based implementation of the axioms, proven sound against the operational semantics. Based on our experience with KATAMARAN, we can report good results on practicality and efficiency of the tool, demonstrating practical viability of our symbolic execution approach.
引用
收藏
页数:31
相关论文
共 78 条
[1]  
Abadi M., 1991, Journal of Functional Programming, V1, P375, DOI 10.1017/S0956796800000186
[2]   Dijkstra Monads for Free [J].
Ahman, Danel ;
Hritcu, Catalin ;
Maillard, Kenji ;
Martinez, Guido ;
Plotkin, Gordon ;
Protzenko, Jonathan ;
Rastogi, Aseem ;
Swamy, Nikhil .
ACM SIGPLAN NOTICES, 2017, 52 (01) :515-529
[3]   The KeY platform for verification and analysis of Java programs [J].
Ahrendt, Wolfgang ;
Beckert, Bernhard ;
Bruns, Daniel ;
Bubel, Richard ;
Gladisch, Christoph ;
Grebing, Sarah ;
Hähnle, Reiner ;
Hentschel, Martin ;
Herda, Mihai ;
Klebanov, Vladimir ;
Mostowski, Wojciech ;
Scheben, Christoph ;
Schmitt, Peter H. ;
Ulbrich, Mattias .
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014, 8471 :55-71
[4]  
Altenkirch T, 1999, LECT NOTES COMPUT SC, V1683, P453
[5]  
Altenkirch Thorsten, 2003, GENERIC PROGRAMMING, DOI [10.1007/978-0-387-35672-3_1, DOI 10.1007/978-0-387-35672-3_1]
[6]  
[Anonymous], 1994, PRENTICE HALL INT SE
[7]  
[Anonymous], 2011, LNCS, DOI DOI 10.1007/978-3-642-21437-014
[8]  
[Anonymous], 2008, P 23 ACM SIGPLAN C O, DOI DOI 10.1145/1449764.1449782
[9]  
Appel Andrew W., 2011, Certified Programs and Proofs. Proceedings First International Conference, CPP 2011, P231
[10]   ISA Semantics for ARMv8-A, RISC-V, and CHERI-MIPS [J].
Armstrong, Alasdair ;
Bauereiss, Thomas ;
Campbell, Brian ;
Reid, Alastair ;
Gray, Kathryn E. ;
Norton, Robert M. ;
Mundkur, Prashanth ;
Wassell, Mark ;
French, Jon ;
Pulte, Christopher ;
Flur, Shaked ;
Stark, Ian ;
Krishnaswami, Neel ;
Sewell, Peter .
PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL, 2019, 3 (POPL)