
    Thirty-seven years of relational Hoare logic: remarks on its principles and history

    Relational Hoare logics extend the applicability of modular, deductive verification to encompass important 2-run properties including dependency requirements such as confidentiality and program relations such as equivalence or similarity between program versions. A considerable number of recent works introduce different relational Hoare logics without yet converging on a core set of proof rules. This paper looks backwards to little known early work. This brings to light some principles that clarify and organize the rules as well as suggesting a new rule and a new notion of completeness.

    Comment: A version appears in proceedings of ISOLA 2020. Version 2: fix typos, minor clarifications, add a citation. Version 3: copy edits, add citations on completeness. Version 4: minor corrections. Version 5: restore missing precond in loop rul

    Relational Logic with Framing and Hypotheses

    Relational properties arise in many settings: relating two versions of a program that use different data representations, noninterference properties for security, etc. The main ingredient of relational verification, relating aligned pairs of intermediate steps, has been used in numerous guises, but existing relational program logics are narrow in scope. This paper introduces a logic based on novel syntax that weaves together product programs to express alignment of control flow points at which relational formulas are asserted. Correctness judgments feature hypotheses with relational specifications, discharged by a rule for the linking of procedure implementations. The logic supports reasoning about program-pairs containing both similar and dissimilar control and data structures. Reasoning about dynamically allocated objects is supported by a frame rule based on frame conditions amenable to SMT provers. We prove soundness and sketch how the logic can be used for data abstraction, loop optimizations, and secure information flow.

    Toward Tool-Independent Summaries for Symbolic Execution (Artifact)

    The artifact contains the extended versions of the tools angr and AVD with support for the symbolic reflection API proposed in the paper. Additionally, the artifact contains the source code of SumBoundVerify, our novel tool for the bounded verification of symbolic summaries for the C programming language. The artifact contains all the scripts and datasets required to obtain the results presented in the paper, including: a library of 67 symbolic summaries implemented using the proposed symbolic reflection API; two symbolic test suites designed to test two open source C libraries; and the source code of the third-party summaries that were validated with SumBoundVerify.

    Toward Tool-Independent Summaries for Symbolic Execution

    We introduce a new symbolic reflection API for implementing tool-independent summaries for the symbolic execution of C programs. We formalise the proposed API as a symbolic semantics and extend two state-of-the-art symbolic execution tools with support for it. Using the proposed API, we implement 67 tool-independent symbolic summaries for a total of 26 libc functions. Furthermore, we present SumBoundVerify, a fully automatic summary validation tool for checking the bounded correctness of the symbolic summaries written using our symbolic reflection API. We use SumBoundVerify to validate 37 symbolic summaries taken from 3 state-of-the-art symbolic execution tools, angr, Binsec and Manticore, detecting a total of 24 buggy summaries.