Automated Software Verification of Hyperliveness
Raven Beutner
TL;DR
This work targets automated verification of hyperproperties that combine universal and existential quantification (FEHTs) to capture rich specifications like generalized non-interference. It introduces FEHL, a sound-and-complete program logic for FEHTs, and a parametric postcondition framework that enables symbolic handling of nondeterministic choices. The ForEx tool implements these ideas, reducing FEHT verification to first-order SMT problems and handling asynchronous loop alignments through a counting-based rule. Experimental results show ForEx outperforming several existing approaches on a range of GNI and related hyperliveness benchmarks, highlighting the feasibility of fully automated hyperproperty verification for infinite-state software.
Abstract
Hyperproperties relate multiple executions of a program and are commonly used to specify security and information-flow policies. Most existing work has focused on the verification of $k$-safety properties, i.e., properties that state that all $k$-tuples of execution traces satisfy a given property. In this paper, we study the automated verification of richer properties that combine universal and existential quantification over executions. Concretely, we consider $\forall^k\exists^l$ properties, which state that for all $k$ executions, there exist $l$ executions that, together, satisfy a property. This captures important non-$k$-safety requirements, including hyperliveness properties such as generalized non-interference, opacity, refinement, and robustness. We design an automated constraint-based algorithm for the verification of $\forall^k\exists^l$ properties. Our algorithm leverages a sound-and-complete program logic and a (parameterized) strongest postcondition computation. We implement our algorithm in a tool called ForEx and report on encouraging experimental results.
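The $\forall^k\exists^l$ shape described in the abstract can be made concrete with a bounded check. The following is an added example, not code from the paper or from ForEx: it decides such properties by brute-force enumeration over small finite domains instead of the paper's constraint-based algorithm. The toy programs, the function names, and the input/output formulation of generalized non-interference (equal low inputs as precondition, equal outputs as postcondition) are assumptions made for illustration.

```python
from itertools import product

def outcomes(prog, state, choices):
    # All final outputs a nondeterministic program can produce from one state.
    return {prog(state, c) for c in choices}

def holds_forall_exists(prog, k, l, states, choices, pre, post):
    """Bounded check of a forall^k exists^l property by enumeration.

    For every (k+l)-tuple of initial states satisfying `pre`, each combination
    of outputs of the k universal copies must be matched by some combination
    of outputs of the l existential copies so that `post` holds.
    Returns (True, None) or (False, (initial_states, universal_outputs)).
    """
    for init in product(states, repeat=k + l):
        if not pre(init):
            continue
        univ = [outcomes(prog, s, choices) for s in init[:k]]
        exis = [outcomes(prog, s, choices) for s in init[k:]]
        for u in product(*univ):
            # With l == 0 the inner product yields one empty tuple, so this
            # degenerates to an ordinary k-safety check.
            if not any(post(init, u + e) for e in product(*exis)):
                return False, (init, u)
    return True, None

# Constructed toy programs: state = (h, low), c = nondeterministic choice.
def masked(state, c):   # output hides h behind a nondeterministic mask
    h, low = state
    return 4 * low + (h ^ c)

def leaky(state, c):    # output reveals h regardless of the choice
    h, low = state
    return 4 * low + h

STATES = [(h, low) for h in range(4) for low in range(2)]
CHOICES = range(4)
same_low = lambda init: len({s[1] for s in init}) == 1
same_out = lambda init, outs: len(set(outs)) == 1

def report():
    return {
        "masked_gni": holds_forall_exists(masked, 1, 1, STATES, CHOICES, same_low, same_out)[0],
        "masked_2safety": holds_forall_exists(masked, 2, 0, STATES, CHOICES, same_low, same_out)[0],
        "leaky_gni": holds_forall_exists(leaky, 1, 1, STATES, CHOICES, same_low, same_out)[0],
    }

if __name__ == "__main__":
    print(report())
```

The `masked` program fails the $\forall^2$ (2-safety) check because its output is nondeterministic, yet it satisfies the $\forall^1\exists^1$ check, which is the gap between $k$-safety and hyperliveness that the abstract refers to.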
