Abstract
Unifying theories distil common features of programming languages and design methods by means of algebraic operators and their laws. Several practical concerns—e.g., improvement of a program, conformance of code with design, correctness with respect to specified requirements—are subsumed by the beautiful notion that programs and designs are special forms of specification and their relationships are instances of logical implication between specifications. Mathematical development of this idea has been fruitful but limited to an impoverished notion of specification: trace properties. Some mathematically precise properties of programs, dubbed hyperproperties, refer to traces collectively. For example, confidentiality involves knowledge of possible traces. This article reports on both obvious and surprising results about lifting algebras of programming to hyperproperties, especially in connection with loops, and suggests directions for further research. The technical results are: a compositional semantics, at the hyper level, of imperative programs with loops, and proof that this semantics coincides with the direct image of a standard semantics, for subset closed hyperproperties.
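The distinction the abstract draws between trace properties and hyperproperties, as an added illustration that is not code from the paper (the paper's construction is general; this is only a constructed toy over a four-by-four state space): a tiny imperative language with a relational partial-correctness semantics in which `while` is the least fixpoint of its unfolding, the lifting of that semantics to sets of states and then, by direct image, to sets of sets of states, and noninterference as a hyperproperty that every single trace satisfies but that fails of the set of all traces. The program names `LEAK`, `COUNT`, `LEAKLOOP`, the helper `ni_via_hyper` and the secret/public split of the state are the example's own assumptions.

```python
"""Added illustration (not code from the paper): a tiny imperative language
over a finite state space, its relational semantics (loops as least fixpoints),
its lifting to sets of states and to sets of sets of states (direct image),
and noninterference as a hyperproperty that holds of every single trace yet
fails of the set of all traces."""
from itertools import product

# Constructed state space: (h, l) with h secret and l public, both in 0..3.
# Keeping it finite lets loop semantics be computed by plain iteration.
DOM = range(4)
STATES = frozenset(product(DOM, DOM))


def low(s):
    return s[1]


# A command denotes a relation on states, a frozenset of (pre, post) pairs;
# a pre-state with no pair is one on which the command diverges.
def skip():
    return frozenset((s, s) for s in STATES)


def assign(f):
    """Deterministic update: f maps each state to its successor."""
    return frozenset((s, f(s)) for s in STATES)


def seq(r1, r2):
    succ = {}
    for u, t in r2:
        succ.setdefault(u, set()).add(t)
    return frozenset((s, t) for s, u in r1 for t in succ.get(u, ()))


def cond(b, r_then, r_else):
    return (frozenset((s, t) for s, t in r_then if b(s))
            | frozenset((s, t) for s, t in r_else if not b(s)))


def loop(b, body):
    """while b do body, as the least fixpoint of X = if b then body; X else skip.
    Iterating from the empty relation yields the partial-correctness semantics."""
    x = frozenset()
    while True:
        nxt = cond(b, seq(body, x), skip())
        if nxt == x:
            return x
        x = nxt


# Lifting: collecting semantics on sets of states, then its direct image on
# sets of sets of states (the "hyper" level).
def post(r, xs):
    return frozenset(t for s, t in r if s in xs)


def hyper(r, hh):
    return frozenset(post(r, xs) for xs in hh)


# Noninterference as a hyperproperty: a SET of (pre, post) traces is in NI iff
# traces that agree on the public input agree on the public output. NI is
# subset closed and contains every singleton set, so no trace property (a set
# of allowed individual traces) can express it.
def noninterferent(traces):
    return all(low(t1) == low(t2)
               for s1, t1 in traces for s2, t2 in traces if low(s1) == low(s2))


def every_singleton_ok(r):
    return all(noninterferent(frozenset([pair])) for pair in r)


def ni_via_hyper(r):
    """The same property decided at the hyper level: push the low-equivalence
    classes of initial states through the direct image and require each
    resulting set of final states to expose a single public value."""
    classes = frozenset(frozenset(s for s in STATES if low(s) == v) for v in DOM)
    return all(len({low(t) for t in img}) <= 1 for img in hyper(r, classes))


# Constructed sample programs.
def h_pos(s):
    return s[0] > 0

# if h > 0 then l := 1 else l := 0                 (explicit flow, leaks)
LEAK = cond(h_pos, assign(lambda s: (s[0], 1)), assign(lambda s: (s[0], 0)))
# while l < 3 do l := l + 1                        (no secret involved)
COUNT = loop(lambda s: low(s) < 3, assign(lambda s: (s[0], s[1] + 1)))
# while h > 0 do h := h - 1; l := (l + 1) mod 4    (leaks h via the iteration count)
LEAKLOOP = loop(h_pos, seq(assign(lambda s: (s[0] - 1, s[1])),
                           assign(lambda s: (s[0], (s[1] + 1) % 4))))

if __name__ == "__main__":
    for name, r in (("LEAK", LEAK), ("COUNT", COUNT), ("LEAKLOOP", LEAKLOOP)):
        print(name, "NI:", noninterferent(r), "singletons OK:", every_singleton_ok(r),
              "NI via hyper:", ni_via_hyper(r))
```

The two leaky programs show why a per-trace check is useless here: each of their traces on its own is in NI, only the collection is not. `ni_via_hyper` is the set-level reformulation that the direct image makes available, and for these relations it agrees with the trace-set definition.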
Notes
- 1. This paper was written with the UTP [19] community in mind, but our use of the term “design” is informal and does not refer to the technical notion in UTP.
- 2.
- 3. It is well known that loops are expressible in terms of recursion: \(\mathsf{while}\ b\ \mathsf{do}\ c\) can be expressed as and this is the form we use in semantics. A well-known law is which factors out the termination condition.
- 4. In [10], other reasons are given for using \(\{\emptyset\}\) rather than \(\emptyset\) as the false hyperproperty.
- 5. Assaf et al. use fixpoint fusion in the inequational form mentioned following (2) to prove soundness of the derived abstract semantics. Their inequational result corresponding to our Theorem is proved, in the loop case, by explicit induction on approximation chains; see the proof of Theorem 1 in [3].
- 6. Displayed formula following Theorem 1 of [3].
References
Aarts, C., et al.: Fixed-point calculus. Inf. Process. Lett. 53(3), 131–136 (1995)
Assaf, M., Naumann, D.A.: Calculational design of information flow monitors. In: Computer Security Foundations (2016)
Assaf, M., Naumann, D.A., Signoles, J., Totel, É., Tronel, F.: Hypercollecting semantics and its application to static analysis of information flow. In: POPL (2017)
Back, R.J., von Wright, J.: Refinement Calculus: A Systematic Introduction. Springer, New York (1998). https://doi.org/10.1007/978-1-4612-1674-2
Balliu, M., Dam, M., Guernic, G.L.: Epistemic temporal logic for information flow security. In: Programming Languages and Analysis for Security (2011)
Banks, M.J., Jacob, J.L.: Unifying theories of confidentiality. In: Qin, S. (ed.) UTP 2010. LNCS, vol. 6445, pp. 120–136. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16690-7_5
Banks, M.J., Jacob, J.L.: On integrating confidentiality and functionality in a formal method. Formal Aspects Comput. 26(5), 963–992 (2014)
Bird, R., de Moor, O.: Algebra of Programming. Prentice-Hall, Upper Saddle River (1996)
Clarkson, M.R., Finkbeiner, B., Koleini, M., Micinski, K.K., Rabe, M.N., Sánchez, C.: Temporal logics for hyperproperties. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 265–284. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54792-8_15
Clarkson, M.R., Schneider, F.B.: Hyperproperties. J. Comput. Secur. 18(6), 1157–1210 (2010)
Cousot, P.: The calculational design of a generic abstract interpreter. In: Broy, M., Steinbrüggen, R. (eds.) Calculational System Design. NATO ASI Series F, vol. 173. IOS Press, Amsterdam (1999)
Cousot, P.: Constructive design of a hierarchy of semantics of a transition system by abstract interpretation. Theor. Comput. Sci. 277(1–2), 47–103 (2002)
Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: POPL (1979)
Gardiner, P.H., Martin, C.E., de Moor, O.: An algebraic construction of predicate transformers. Sci. Comput. Program. 22, 21–44 (1994)
Gotliboym, M., Naumann, D.A.: Some observations on hypercollecting semantics and subset closed hyperproperties. https://www.cs.stevens.edu/~naumann/pub/noteSSC.pdf
Halpern, J.Y., Fagin, R., Moses, Y., Vardi, M.Y.: Reasoning About Knowledge. MIT Press, Cambridge (1995)
He, J., Hoare, C.A.R., Sanders, J.W.: Data refinement refined resume. In: Robinet, B., Wilhelm, R. (eds.) ESOP 1986. LNCS, vol. 213, pp. 187–196. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-16442-1_14
Hoare, C.A.R., Lauer, P.E.: Consistent and complementary formal theories of the semantics of programming languages. Acta Inf. 3, 135–153 (1974)
Hoare, C.A.R., He, J.: Unifying Theories of Programming. Prentice-Hall, Upper Saddle River (1998)
Hoare, T., Möller, B., Struth, G., Wehrman, I.: Concurrent Kleene algebra and its foundations. J. Log. Algebr. Program. 80(6), 266–296 (2011)
Jacob, J.: Security specifications. In: IEEE Symposium on Security and Privacy (1988)
Joshi, R., Leino, K.R.M.: A semantic approach to secure information flow. Sci. Comput. Program. 37(1–3), 113–138 (2000)
Kozen, D.: On Hoare logic and Kleene algebra with tests. ACM Trans. Comput. Log. 1(1), 60–76 (2000)
Mantel, H.: On the composition of secure systems. In: IEEE Symposium on Security and Privacy (2002)
Martin, C.E., Curtis, S.A., Rewitzky, I.: Modelling angelic and demonic nondeterminism with multirelations. Sci. Comput. Program. 65(2), 140–158 (2007)
Mastroeni, I., Pasqua, M.: Hyperhierarchy of semantics - a formal framework for hyperproperties verification. In: Ranzato, F. (ed.) SAS 2017. LNCS, vol. 10422, pp. 232–252. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66706-5_12
Mastroeni, I., Pasqua, M.: Verifying bounded subset-closed hyperproperties. In: Podelski, A. (ed.) SAS 2018. LNCS, vol. 11002, pp. 263–283. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99725-4_17
Morgan, C.: Programming from Specifications, 2nd edn. Prentice Hall, Upper Saddle River (1994)
Morgan, C.: The shadow knows: refinement and security in sequential programs. Sci. Comput. Program. 74(8), 629–653 (2009)
Morgan, C., Gardiner, P.: Data refinement by calculation. Acta Inf. 27, 481–503 (1990)
Morris, J.M., Bunkenburg, A., Tyrrell, M.: Term transformers: a new approach to state. ACM Trans. Program. Lang. Syst. 31(4), 16 (2009)
Naumann, D.A.: Data refinement, call by value, and higher order programs. Formal Aspects Comput. 7, 652–662 (1995)
Naumann, D.A.: A categorical model for higher order imperative programming. Math. Struct. Comput. Sci. 8(4), 351–399 (1998)
Naumann, D.A.: Towards patterns for heaps and imperative lambdas. J. Log. Algebraic Methods Program. 85(5), 1038–1056 (2016)
Roscoe, A.W., Woodcock, J.C.P., Wulf, L.: Non-interference through determinism. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 31–53. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58618-0_55
Sabelfeld, A., Sands, D.: Declassification: dimensions and principles. J. Comput. Secur. 17(5), 517–548 (2009)
Sampaio, A.: An Algebraic Approach to Compiler Design. AMAST Series in Computing, vol. 4. World Scientific, Singapore (1997)
Struth, G.: On the expressive power of Kleene algebra with domain. Inf. Process. Lett. 116(4), 284–288 (2016)
Acknowledgements
Anonymous reviewers offered helpful suggestions and pointed out errors, omissions, and infelicities in an earlier version.
The authors were partially supported by NSF award 1718713.
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Naumann, D.A., Ngo, M. (2019). Whither Specifications as Programs. In: Ribeiro, P., Sampaio, A. (eds) Unifying Theories of Programming. UTP 2019. Lecture Notes in Computer Science, vol. 11885. Springer, Cham. https://doi.org/10.1007/978-3-030-31038-7_3
DOI: https://doi.org/10.1007/978-3-030-31038-7_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31037-0
Online ISBN: 978-3-030-31038-7