There is a large body of work on concurrent reasoning including Rely-Guarantee (RG) and Concurrent Separation Logics. These theories are over-approximate: a proof identifies a superset of program behaviours and thus implies the absence of certain bugs. However, failure to find a proof does not imply their presence (leading to false positives in over-approximate tools). We describe a general theory of under-approximate reasoning for concurrency. Our theory incorporates ideas from Concurrent Incorrectness Separation Logic and RG, based on a subset rather than a superset of interleavings. A strong motivation of our work is detecting software exploits; we do this by developing concurrent adversarial separation logic (CASL), and use CASL to detect information disclosure attacks that uncover sensitive data (e.g. passwords) and out-of-bounds attacks that corrupt data. We also illustrate our approach with classic concurrency idioms that go beyond prior under-approximate theories, which we believe can inform the design of future concurrent bug-detection tools.
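@comment{
  Conference paper (CONCUR 2023, LIPIcs vol. 279) on under-approximate
  reasoning for concurrent programs and CASL, used for detecting
  information-disclosure and out-of-bounds bugs.
  Fixes versus the publisher export: the title is no longer wrapped in a
  second pair of braces (which defeated style-driven casing), accented
  editor names use the BibTeX special-character form {\'e} / {\c{c}} so
  sorting and labels are correct under classic BibTeX, acronyms that must
  keep their case are braced individually, and the entry is laid out one
  field per line. The citation key is unchanged so existing \cite calls
  still resolve.
}
@inproceedings{raad_et_al:LIPIcs.CONCUR.2023.25,
  author    = {Raad, Azalea and Vanegue, Julien and Berdine, Josh and O'Hearn, Peter},
  title     = {A General Approach to Under-Approximate Reasoning About Concurrent Programs},
  booktitle = {34th International Conference on Concurrency Theory ({CONCUR} 2023)},
  editor    = {P{\'e}rez, Guillermo A. and Raskin, Jean-Fran{\c{c}}ois},
  series    = {Leibniz International Proceedings in Informatics ({LIPIcs})},
  volume    = {279},
  pages     = {25:1--25:17},
  year      = {2023},
  publisher = {Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address   = {Dagstuhl, Germany},
  isbn      = {978-3-95977-299-0},
  issn      = {1868-8969},
  doi       = {10.4230/LIPIcs.CONCUR.2023.25},
  url       = {https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.CONCUR.2023.25},
  urn       = {urn:nbn:de:0030-drops-190195},
  annote    = {Keywords: Under-approximate reasoning, incorrectness logic, bug detection, software exploits, separation logic},
}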