Presentation is loading. Please wait.

Presentation is loading. Please wait.

07.02.2010Theory Days at Andup.1 Proving the Correctness of Dependency Graph Transformation Ilja Tšahhirov (joint work with Peeter Laud and Keiko Nakata)

Published byMercy Andrews Modified over 9 years ago

Similar presentations

Presentation on theme: "07.02.2010Theory Days at Andup.1 Proving the Correctness of Dependency Graph Transformation Ilja Tšahhirov (joint work with Peeter Laud and Keiko Nakata)"— Presentation transcript:

1 07.02.2010Theory Days at Andup.1 Proving the Correctness of Dependency Graph Transformation Ilja Tšahhirov (joint work with Peeter Laud and Keiko Nakata)

2 07.02.2010Theory Days at Andup.2 Talk plan Dependency graphs: some background Execution semantics formalization First step – graph fragments equivalence Next steps

3 07.02.2010Theory Days at Andup.3 A Security Protocol A  B: { secret } K AB B  : OK

4 07.02.2010Theory Days at Andup.4 Dependency Graph E K M Λ V ?? D ok? 1 ?? ?

5 07.02.2010Theory Days at Andup.5 Dependency Graph Execution Initialize the graph node values with ┴ / false, Repeat{ Adversary sets the and -nodes Graph is evaluated Adversary is made aware of the values of -nodes } until the Adversary indicates to stop Adversary’s goal in the game is to produce different output depending on the secret message ??

6 07.02.2010Theory Days at Andup.6 Transforming Dependency Graph The game does not change if a graph is replaced with another graph, having the same semantics, for example: Can be replaced with Λ ΛΛ

7 07.02.2010Theory Days at Andup.7 GUI for executing transformations

8 07.02.2010Theory Days at Andup.8 The Goal of this Work One has to be sure that the transformation preserves the semantics, before applying it The analyzer already has tens of transformations encoded; some of them are quite complex (in terms of amount of nodes involved) Need to have a way of formally ensuring that: –Two fragments are equivalent, –Procedure for applying the transformation preserves graph semantics when exchanging one fragment with another, equivalent, fragment

9 07.02.2010Theory Days at Andup.9 Talk plan Dependency graphs: some background Execution semantics formalization First step – graph fragments equivalence Next steps

10 07.02.2010Theory Days at Andup.10 Graph A Graph is a set of nodes, each representing a computation A Node is identified by –Its identity (label) –Its operation. An operation is either bitstring-valued or boolean- valued. The operation dictates which input ports the node has Operations: RS, Nonce, Const, Keypair, Pubkey, SigVer, VerKey, SymKey, PubEnc, SymEnc, PubEncZ, SymEncZ, Signature, SignedMsg, Tuple, Proj, PubDec, SymDec, Send, Begin, End, Receive, Secret, Merge, Id, Error, And, Or, Req, True, False, IsOK, IsEq, IsNeq, TestSig, TestSigP, InputB, InputS, OutputB, OutputS A Graph is a set of nodes, each representing a computation A Node is identified by –Its identity (label) –Its operation. An operation is either bitstring-valued or boolean- valued. The operation dictates which input ports the node has Operations: RS, Nonce, Const, Keypair, Pubkey, SigVer, VerKey, SymKey, PubEnc, SymEnc, PubEncZ, SymEncZ, Signature, SignedMsg, Tuple, Proj, PubDec, SymDec, Send, Begin, End, Receive, Secret, Merge, Id, Error, And, Or, Req, True, False, IsOK, IsEq, IsNeq, TestSig, TestSigP InputB, InputS, OutputB, OutputS

11 07.02.2010Theory Days at Andup.11 Configuration During the graph evaluation a value is computed for each node Graph itself is not changed during evaluation – the evaluation result is stored in the configuration: –Environment: Label  Value –Input environment: Label*  Value Label: set of label of all nodes Label*: set of label of InputB-nodes

12 07.02.2010Theory Days at Andup.12 Graph Evaluation Informally, the graph evaluation proceeds as following: Initialize: –Initialize the input environment with external inputs –Initialize the environment to map every node to false Repeat { for each node { Compute operation result (the values of operation inputs are taken from the environment or input environment) Store the computed value in the environment } } until no more changes are observed (for each node the computed value is equal to what is stored in the environment)

13 07.02.2010Theory Days at Andup.13 Graph Evaluation - Example 3:And 4:OutputB 1:InputB 2:True ρ 1 = false φ 1 = true ρ 3 = false ρ 4 = false ρ 2 = false ρ 1 = true ρ 2 = true ρ 3 = true ρ 4 = true

14 07.02.2010Theory Days at Andup.14 Graph: Theorem Prover Encoding Definition label := nat. Inductive operation : Type := | andop (ll: list label) | trueop | falseop | inputop | outputop (l: label). Inductive node : Type := boolnode (l: label)(o: operation). Definition graph := list node. Definition g3' : graph := ( (boolnode 1 inputop) ::(boolnode 3 (andop (1::nil))) ::(boolnode 4 (outputop 3)) ::nil). 3:And 1:InputB 4: OutputB

15 07.02.2010Theory Days at Andup.15 Environment: Theorem Prover Encoding (*Definition – both for environment and input environment *) label := nat value := bool env := list (label * value) (* Access and update functions *) lookup (r:env)(l:label) : option bool uf (r:env)(l:nat)(v:bool) : option env

16 07.02.2010Theory Days at Andup.16 Operation Semantics Fixpoint bf (rho:env) (phi:env) (n:node) : option bool := match n with boolnode l o  match o with | trueop  Some true | falseop  Some false | andop ll  andbn rho ll | inputop  lookup phi l | outputop l1  lookup rho l1 end end.

17 07.02.2010Theory Days at Andup.17 Graph Evaluation Step Fixpoint evalstep (g:graph)(rho:env)(phi:env) {struct g} : option env := match g with | nil  Some rho | (boolnode l o ) :: tl  let v := lookup rho l in match v with | None  None | Some b  let v':= bf rho phi (boolnode l o) in match v' with | None  None | Some b'  if (bool_dec b b') then evalstep tl rho phi else uf rho l b' end end.

18 07.02.2010Theory Days at Andup.18 Graph Evaluation Fixpoint eval (g:graph)(rho phi:env)(n:nat): option env := match n with | 0  Some rho | S n'  match (evalstep g rho phi) with | None  None | Some rho'  let n'' := ‌rho'‌ in if (beq_nat n n'') then Some rho else eval g rho' phi n' end end.

19 07.02.2010Theory Days at Andup.19 Talk plan Dependency graphs: some background Execution semantics formalization First step – graph fragments equivalence Next steps

20 07.02.2010Theory Days at Andup.20 Equivalence Definition – Example 1:input 4:output 3:and 4:output 1:input 2:true g1g1 g2g2 phi := (1,v)::nil rho init1 := (1,false)::(4:false)::nil rho init2 := (1,false)::(2,false)::(3, false)::(4:false)::nil rho final1 := eval g 1 rho init1 phi 2 rho final2 := eval g 2 rho init2 phi 4 Equivalence means that lookup rho final1 4 = lookup rho final2 4

21 07.02.2010Theory Days at Andup.21 Equivalence Definition Given the graphs g 1, g 2, satisfying the following requirements: Each node must have unique label Both graphs must have same set of input and output nodes The equivalence of g 1 and g 2 holds if for every output node with label l on g 1, lookup (eval g 1 rho 1 phi ‌rho 1 ‌) l = lookup (eval g 2 rho 2 phi ‌rho 2 ‌) l

22 07.02.2010Theory Days at Andup.22 Proving Equivalence Key Lemmas about Semantics Lemma eval_is_evalstep_fixpoint: forall g rho rho' phi, eval g rho phi ‌rho‌ = rho'  evalstep g rho' phi = rho'. Lemma evalstep_fixpoint_is_correct: forall g rho phi, evalstep g rho phi = Some rho  forall l op, node_in_graph (boolnode l op) g  lookup rho l = bf rho phi (boolnode l op).

23 07.02.2010Theory Days at Andup.23 Equivalence Proof Plan for two particular fragments Given the graph definitions, limit the output equality to particular output nodes For each of the two graphs: –Show that evaluation result is a fixed point of evalstep (using eval_is_evalstep_fixpoint ) –Show that the environment ( rho ) holds for all the nodes their “final” value at evaluation result (using evalstep_fixpoint_is_correct ) –For each node present its value as a function from input environment ( phi ) For each of the output nodes: –Show that on the first and the second graphs the functional dependency of the node from the input environment is the same

24 07.02.2010Theory Days at Andup.24 Talk plan Dependency graphs: some background Execution semantics formalization First step – graph fragments equivalence Next steps

25 07.02.2010Theory Days at Andup.25 Next Steps Graph equivalence definition and proof framework was the first significant step towards integration with automated analyzer tool The remaining steps are: –Formally define exchanging the (sub-)graph on another graph –Show that if two sub-graphs, g 1 and g 2, are equivalent, then exchanging g 1 with g 2 on a graph, containing g 1, results in the equivalent graph –Bring back the complete operations set –Bring in the support for the infinite fragments / graphs

26 07.02.2010Theory Days at Andup.26 Thank you!

Download ppt "07.02.2010Theory Days at Andup.1 Proving the Correctness of Dependency Graph Transformation Ilja Tšahhirov (joint work with Peeter Laud and Keiko Nakata)"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
DS.GR.14 Graph Matching Input: 2 digraphs G1 = (V1,E1), G2 = (V2,E2) Questions to ask: 1.Are G1 and G2 isomorphic? 2.Is G1 isomorphic to a subgraph of.

DS.GR.14 Graph Matching Input: 2 digraphs G1 = (V1,E1), G2 = (V2,E2) Questions to ask: 1.Are G1 and G2 isomorphic? 2.Is G1 isomorphic to a subgraph of.
Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.

Functional Verification III Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture Notes 23.
Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.

Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.
SECURITY AND VERIFICATION Lecture 4: Cryptography proofs in context Tamara Rezk INDES TEAM, INRIA January 24 th, 2012.

SECURITY AND VERIFICATION Lecture 4: Cryptography proofs in context Tamara Rezk INDES TEAM, INRIA January 24 th, 2012.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
8. Introduction to Denotational Semantics. © O. Nierstrasz PS — Denotational Semantics 8.2 Roadmap Overview:  Syntax and Semantics  Semantics of Expressions.

8. Introduction to Denotational Semantics. © O. Nierstrasz PS — Denotational Semantics 8.2 Roadmap Overview:  Syntax and Semantics  Semantics of Expressions.
Introduction to Algorithms

Introduction to Algorithms
Gillat Kol (IAS) joint work with Ran Raz (Weizmann + IAS) Interactive Channel Capacity.

Gillat Kol (IAS) joint work with Ran Raz (Weizmann + IAS) Interactive Channel Capacity.
Deciding Equality with Uninterpreted Functions using Congruence Closure Constantinos Bartzis.

Deciding Equality with Uninterpreted Functions using Congruence Closure Constantinos Bartzis.
Complexity 26-1 Complexity Andrei Bulatov Interactive Proofs.

Complexity 26-1 Complexity Andrei Bulatov Interactive Proofs.
Complexity 18-1 Complexity Andrei Bulatov Probabilistic Algorithms.

Complexity 18-1 Complexity Andrei Bulatov Probabilistic Algorithms.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Introduction to Computability Theory

Introduction to Computability Theory
1 Introduction to Computability Theory Lecture4: Non Regular Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture4: Non Regular Languages Prof. Amos Israeli.
Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.

Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.
1 Introduction to Computability Theory Lecture4: Non Regular Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture4: Non Regular Languages Prof. Amos Israeli.
Theory of Computing Lecture 22 MAS 714 Hartmut Klauck.

Theory of Computing Lecture 22 MAS 714 Hartmut Klauck.
Chapter 2: Algorithm Discovery and Design

Chapter 2: Algorithm Discovery and Design

Similar presentations

Ads by Google