5 research outputs found
An efficient contradiction separation based automated deduction algorithm for enhancing reasoning capability
Automated theorem provers (ATPs) for first-order logic (FOL) are significant inference engines and a hot research area in the field of knowledge representation and automated reasoning. E, one of the leading ATPs, has made significant contributions to the development of theorem provers for FOL, particularly in equality handling, over more than two decades of development. However, there remain a large number of problems in the TPTP problem library, the benchmark library for ATPs, that E has yet to solve. The standard contradiction separation (S-CS) rule is a recently introduced inference method that can handle multiple clauses in a synergized way and has several distinctive features that complement E's calculus. Binary clauses, on the other hand, are widely used in automated deduction for FOL because they have a minimal number of literals (typically only two), few symbols, and high manipulability. As a result, it is feasible to improve a prover's deduction capability by reusing binary clauses. In this paper, a binary clause reusing algorithm based on the S-CS rule is first proposed and then incorporated into E with the objective of enhancing E's performance, resulting in an extended E prover. Experimental findings show that the extended E prover not only outperforms E itself in a variety of aspects, but also solves 18 problems with a rating of 1 in the TPTP library, meaning that none of the existing ATPs had been able to solve them.
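The appeal of binary clauses described above can be illustrated with a toy propositional resolution step. The sketch below is illustrative only and is not the S-CS calculus itself; literal strings and the `resolve` helper are assumptions for the example. Resolving a binary clause against another clause removes one literal pair and adds at most one literal, which is why binary clauses stay cheap to reuse.

```python
# Simplified propositional sketch (not the actual S-CS rule): literals are
# strings, with '~' marking negation.  Resolving the binary clause {p, q}
# against a clause containing ~p eliminates the p/~p pair and contributes
# only the single remaining literal q to the resolvent.

def resolve(c1, c2):
    """Return all resolvents of two clauses given as frozensets of literals."""
    resolvents = []
    for lit in c1:
        neg = lit[1:] if lit.startswith('~') else '~' + lit
        if neg in c2:
            resolvents.append((c1 - {lit}) | (c2 - {neg}))
    return resolvents

binary = frozenset({'p', 'q'})         # a binary clause: exactly two literals
other = frozenset({'~p', 'r', 's'})    # an arbitrary clause
assert resolve(binary, other) == [frozenset({'q', 'r', 's'})]
```

Because a binary clause contributes at most one literal per resolution, reusing such clauses keeps derived clauses small, which is the intuition behind the reuse strategy.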
A comprehensive approach of the C-lightVer system to automated error localization in C programs
The C-lightVer system for the deductive verification of C programs is being developed at the IIS SB RAS. Following the two-level architecture of the system, the C-light input language is translated into the intermediate C-kernel language. The correctness-condition meta generator receives the C-kernel program and a Hoare logic for C-kernel as input. To address the well-known problem of determining loop invariants, the definite iteration approach was chosen: the body of a definite iteration loop is executed once for each element of a finite-dimensional data structure, and the inference rule for such loops uses the substitution operation rep, which represents the action of the loop in symbolic form. In addition, the method of semantic markup of correctness conditions has been implemented and extended in our meta generator. It allows generating explanations for unproven conditions and simplifies error localization. Finally, if the theorem prover fails to establish the truth of a condition, we can focus on proving its falsity; thus, a method for proving the falsity of correctness conditions in the ACL2 system was developed. The need for more detailed explanations of correctness conditions containing the replacement operation rep has led to changes in the algorithms for generating the replacement operation and for generating explanations of unproven correctness conditions. Modifications of these algorithms are presented in the article. They allow marking the rep definition with semantic labels, extracting semantic labels from the rep definition, and generating a description of the break execution condition.
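The idea behind the rep substitution described above can be sketched in a few lines. This is an illustrative fold over a finite structure, assuming a simple accumulator-style loop body; it is not C-lightVer's actual definition of rep.

```python
# Illustrative sketch (not C-lightVer's rep): for a definite iteration
# "for each element of a finite structure, run body", the loop's whole
# effect can be expressed as a single symbolic substitution -- here
# modeled as a fold of the body over the structure.

from functools import reduce

def rep(structure, init, body):
    """Effect of a definite iteration, summarized as one fold."""
    return reduce(body, structure, init)

# The loop  "for x in A: s += x"  is summarized by rep without unrolling:
A = [3, 1, 4, 1, 5]
assert rep(A, 0, lambda s, x: s + x) == sum(A)
```

Expressing the loop's action in one closed form is what lets the inference rule avoid asking the user for a loop invariant.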
Detection and Exploitation of Information Flow Leaks
This thesis contributes to the field of language-based information flow analysis with a focus on detection and exploitation of information flow leaks in programs.
To achieve this goal, this thesis presents a number of precise semi-automatic approaches that allow one to detect, exploit and judge the severity of information flow leaks in programs.
The first part of the thesis develops an approach to detect and demonstrate information flow leaks in a program. This approach analyses a given program statically using symbolic execution and self-composition, with the aim of generating so-called insecurity formulas whose satisfying models (obtained by SMT solvers) give rise to pairs of initial states that demonstrate insecure information flows. Based on these models, small unit test cases, so-called leak demonstrators, are created that check for the detected information flow leaks and fail if they exist. The developed approach is able to deal with unbounded loops and recursive method invocations by using program specifications like loop invariants or method contracts. This allows the approach to be fully precise (if needed), but also to abstract and allow for false positives in exchange for a higher degree of automation and simpler specifications.
The approach supports several information flow security policies, namely, noninterference, delimited information release, and information erasure.
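The self-composition idea above can be sketched concretely. In the toy below, exhaustive enumeration stands in for the SMT solver, and `program`, `find_leak`, and the value ranges are illustrative assumptions, not KEG's API: a model of the "insecurity formula" is a pair of runs that agree on the low input but differ in high input and low output.

```python
# Minimal self-composition sketch (brute-force search replaces the SMT
# solver; all names are illustrative, not taken from KEG).
from itertools import product

def program(high, low):
    # A deliberately leaky check: the low-observable output depends on
    # the secret input 'high'.
    return 1 if high == low else 0

def find_leak(highs, lows):
    """Search for a model of the insecurity formula: two runs with the
    same low input but different high inputs and different low outputs."""
    for h1, h2, l in product(highs, highs, lows):
        if h1 != h2 and program(h1, l) != program(h2, l):
            return (h1, h2, l)   # a pair of initial states witnessing the leak
    return None

witness = find_leak(range(4), range(4))
assert witness is not None   # noninterference is violated
```

The returned witness plays the role of a leak demonstrator: a concrete test that fails exactly when the insecure flow is present.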
The second part of the thesis builds upon the previous approach and allows the user to judge the severity of an information flow leak by exploiting the detected leaks in order to infer the secret information. This is achieved by utilizing a hybrid analysis which conducts an adaptive attack by performing a series of experiments. An experiment constitutes a concrete program run which serves to accumulate knowledge about the secret. Each experiment is carried out with optimal low inputs deduced from the prior distribution and the accumulated knowledge of the secret, so that the potential leakage is maximized. We propose a novel approach to quantify information leakage as explicit functions of low inputs using symbolic execution and parametric model counting. Depending on the chosen security metric, general nonlinear optimization tools or Max-SMT solvers are used to find optimal low inputs, i.e., inputs that cause the program to leak a maximum of information.
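The notion of an "optimal low input" can be made concrete with a small example. Here exhaustive counting replaces parametric model counting and Max-SMT, and the `check` program and Shannon-entropy metric are assumptions chosen for illustration: the attacker picks the low input whose induced output distribution reveals the most about a uniformly distributed secret.

```python
# Hedged sketch of optimal-low-input selection (exhaustive counting
# stands in for parametric model counting / Max-SMT; not KEG's code).
from math import log2
from collections import Counter

def check(secret, low):
    # Observable comparison, e.g. a limit or threshold check.
    return secret < low

def leakage(secrets, low):
    """Shannon entropy of the output distribution under a uniform prior:
    how many bits one run with this low input reveals about the secret."""
    counts = Counter(check(s, low) for s in secrets)
    n = len(secrets)
    return -sum(c / n * log2(c / n) for c in counts.values())

secrets = range(8)
best = max(range(9), key=lambda low: leakage(secrets, low))
assert best == 4                 # the midpoint splits the secrets evenly
assert leakage(secrets, 4) == 1  # one full bit leaked per experiment
```

Choosing the evenly splitting input at every round is exactly why the adaptive attack learns the secret faster than arbitrary low inputs would.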
For the purpose of evaluation, both approaches have been fully implemented in the tool KEG, which is based on the state-of-the-art program verification system KeY. KEG supports a rich subset of sequential Java programs and generates executable JUnit tests as leak demonstrators. For the secret inference, KEG produces executable Java programs and runs them to perform the adaptive attack.
The thesis discusses the planning, execution, and results of the evaluation. The evaluation has been performed on a collection of micro-benchmarks as well as two case studies, which are taken from the literature.
The evaluation using the micro-benchmarks shows that KEG successfully detects all information flow leaks and is able to generate correct demonstrators, provided the supplied specifications are correct and strong enough. With respect to secret inference, it shows that the approach presented in this thesis (which computes optimal low inputs) helps an attacker learn the secret much more efficiently than approaches using arbitrary low inputs.
KEG has also been evaluated in two case studies. The first case study is performed on e-voting software which has been extracted in a simplified form from a real-world e-voting system. This case study focuses on the leak detection and demonstrator generation approach. The e-voting case study shows that KEG is able to deal with relatively complicated programs that include unbounded loops, objects, and arrays. Moreover, the case study demonstrates that KEG can be integrated with a specification generation tool to obtain both precision and full automation. The second case study is conducted on a PIN integrity checking program, adapted from a real-world ATM PIN verifying system. This case study mainly demonstrates the secret inference feature of KEG. It shows that KEG can help an attacker learn the secret more efficiently, given a good enough assumption about the prior distribution of the secret.
Symbolic Computation and Automated Reasoning for Program Analysis
This talk describes how a combination of symbolic computation techniques with first-order theorem proving can be used to solve some challenges of automating program analysis, in particular for generating and proving properties about the logically complex parts of software. The talk will first present how computer algebra methods, such as Gröbner basis computation, quantifier elimination, and algebraic recurrence solving, help us infer properties of program loops with non-trivial arithmetic. Typical properties inferred by our work are loop invariants and expressions bounding the number of loop iterations. The talk will then describe our work on generating first-order properties of programs with unbounded data structures, such as arrays. To do so, we use saturation-based first-order theorem proving and extend first-order provers with support for program analysis. Since program analysis requires reasoning in combinations of first-order theories of data structures, the talk also discusses new features in first-order theorem proving, such as inductive reasoning and a built-in boolean sort. These extensions allow us to express program properties directly in first-order logic and hence use first-order theorem provers to reason about program properties.
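The recurrence-solving idea mentioned above can be illustrated without any computer-algebra machinery. The loop and candidate invariant below are illustrative assumptions: the update `s += i; i += 1` gives the recurrence s(k+1) = s(k) + k, whose closed form s = i(i-1)/2 yields the polynomial loop invariant 2s = i(i-1), checked here by direct execution.

```python
# Illustrative sketch of recurrence-derived loop invariants (plain Python,
# not the Groebner-basis / recurrence-solving machinery of the talk).
# Loop: s = 0; i = 0; while i < n: s += i; i += 1
# Recurrence s(k+1) = s(k) + k has closed form s = i*(i-1)/2, i.e. the
# polynomial invariant 2*s == i*(i-1).

def run_loop(n):
    s, i = 0, 0
    while i < n:
        assert 2 * s == i * (i - 1)   # invariant holds on every entry
        s += i
        i += 1
    assert 2 * s == i * (i - 1)       # and still holds on exit
    return s

# The invariant plus the exit condition i == n proves the loop computes
# the triangular sum n*(n-1)/2.
assert all(run_loop(n) == n * (n - 1) // 2 for n in range(20))
```

In the talk's setting, the solver derives such closed forms symbolically, so the invariant is obtained without running the loop at all.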