Trustworthy Runtime Verification via Bisimulation (Extended Experience Report)

📅 2026-07-01
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work proposes CopilotVerifier, an automated verification framework designed to enhance the correctness and trustworthiness of runtime monitoring code in safety-critical systems by complementing the Copilot compiler. CopilotVerifier is the first to decompose the bisimulation relation between source programs and their compiled C code into verifiable conditions. By integrating symbolic execution (via Crucible) with SMT solving (through What4), the framework automatically generates formal proofs that guarantee semantic equivalence—ensuring identical outputs and consistent crash behaviors under equivalent inputs. This approach significantly strengthens compiler assurance with modest computational overhead and lays the groundwork for producing human-auditable formal arguments of correctness.
📝 Abstract
When runtime verification is used to monitor safety-critical systems, it is essential that monitoring code behaves correctly. The Copilot runtime verification framework pursues this goal by automatically generating C monitor programs from a high-level DSL embedded in Haskell. In safety-critical domains, every piece of deployed code must be accompanied by an assurance argument that is convincing to human auditors. However, it is difficult for auditors to determine with confidence that a compiled monitor cannot crash and implements the behavior required by the Copilot semantics. In this paper we describe CopilotVerifier, which runs alongside the Copilot compiler, generating a proof of correctness for the compiled output. The proof establishes that a given Copilot monitor and its compiled form produce equivalent outputs on equivalent inputs, and that they either crash in identical circumstances or cannot crash. The proof takes the form of a bisimulation broken down into a set of verification conditions. We leverage two pieces of SMT-backed technology: the Crucible symbolic execution library for LLVM and the What4 solver interface library. Our results demonstrate that dramatically increased compiler assurance can be achieved at moderate cost by building on existing tools. This paves the way to our ultimate goal of generating formal assurance arguments that are convincing to human auditors.
Problem

Research questions and friction points this paper is trying to address.

runtime verification
safety-critical systems
compiler correctness
formal assurance
bisimulation
Innovation

Methods, ideas, or system contributions that make the work stand out.

runtime verification
bisimulation
formal verification
SMT solving
compiler correctness