Secure information flow by self-composition
Information flow policies are confidentiality policies that control information leakage through
program execution. A common way to enforce secure information flow is through information …
Relational verification using product programs
Relational program logics are formalisms for specifying and verifying properties about two
programs or two runs of the same program. These properties range from correctness of …
Cartesian Hoare logic for verifying k-safety properties
Unlike safety properties which require the absence of a “bad” program trace, k-safety
properties stipulate the absence of a “bad” interaction between k traces. Examples of k …
Hyper Hoare logic: (dis-)proving program hyperproperties
Hoare logics are proof systems that allow one to formally establish properties of computer
programs. Traditional Hoare logics prove properties of individual program executions (such …
Unifying refinement and Hoare-style reasoning in a logic for higher-order concurrency
Modular programming and modular verification go hand in hand, but most existing logics for
concurrency ignore two crucial forms of modularity: *higher-order functions*, which are …
A logical approach to type soundness
Type soundness, which asserts that “well-typed programs cannot go wrong,” is widely
viewed as the canonical theorem one must prove to establish that a type system is doing its …
Conditional contextual refinement
Much work in formal verification of low-level systems is based on one of two approaches:
refinement or separation logic. These two approaches have complementary benefits …
Decomposition instead of self-composition for proving the absence of timing channels
We present a novel approach to proving the absence of timing channels. The idea is to
partition the program's execution traces in such a way that each partition component is …
Local rely-guarantee reasoning
X Feng - Proceedings of the 36th annual ACM SIGPLAN …, 2009 - dl.acm.org
Rely-Guarantee reasoning is a well-known method for verification of shared-variable
concurrent programs. However, it is difficult for users to define rely/guarantee conditions …
Relational cost analysis
Establishing quantitative bounds on the execution cost of programs is essential in many
areas of computer science such as complexity analysis, compiler optimizations, security and …