Software Verification of Hyperproperties Beyond k-Safety

Abstract

AbstractTemporal hyperproperties are system properties that relate multiple execution traces. For (finite-state) hardware, temporal hyperproperties are supported by model checking algorithms, and tools for general temporal logics like HyperLTL exist. For (infinite-state) software, the analysis of temporal hyperproperties has, so far, been limited tok-safety properties, i.e., properties that stipulate the absence of a bad interaction between anyktraces. In this paper, we present an automated method for the verification of$$\forall ^k\exists ^l$$∀k∃l-safety properties in infinite-state systems. A$$\forall ^k\exists ^l$$∀k∃l-safety property stipulates that for anyktraces, thereexistltraces such that the resulting$$k+l$$k+ltraces do not interact badly. This combination of universal and existential quantification enables us to express many properties beyondk-safety, including, for example, generalized non-interference or program refinement. Our method is based on a strategy-based instantiation of existential trace quantification combined with a program reduction, both in the context of a fixed predicate abstraction. Notably, our framework allows for mutual dependence of strategy and reduction.