
A Deductive System for Contract Satisfaction Proofs

Published 10 Apr 2026 in cs.PL, cs.CR, and cs.LO | (2604.09165v1)

Abstract: Hardware-software contracts are abstract specifications of a CPU's leakage behavior. They enable verifying the security of high-level programs against side-channel attacks without having to explicitly reason about the microarchitectural details of the CPU. Using the abstraction powers of a contract requires proving that the targeted CPU satisfies the contract in the sense that the contract over-approximates the CPU's leakage. Besides pen-and-paper reasoning, proving contract satisfaction has been approached mostly from the model-checking perspective, with approaches based on a (semi-)automated search for the necessary invariants. As an alternative, this paper explores how such proofs can be conducted in interactive proof assistants. We start by observing that contract satisfaction is an instance of a more general problem we call relative trace equality, and we introduce relative bisimulation as an associated proof technique. Leveraging recent advances in the field of coinductive proofs, we develop a deductive proof system for relative trace equality. Our system is provably sound and complete, and it enables a modular and incremental proof style. It also features several reasoning principles to simplify proofs by exploiting symmetries and transitivity properties. We formalized our deductive system in the Rocq proof assistant and applied it to two challenging contract satisfaction proofs.

Summary

  • The paper introduces a formal deductive system, based on relative bisimulation and parameterized coinduction, for proving that a CPU model satisfies a hardware-software contract.
  • The system is applied to challenging scenarios like always-mispredict and out-of-order execution, effectively managing asynchronous trace reasoning.
  • Up-to techniques are integrated to enhance modularity and scalability, providing a robust framework for mechanized security proofs.

A Deductive System for Provable Hardware-Software Contract Satisfaction

Introduction and Motivation

This paper develops a formal deductive system for establishing contract satisfaction between hardware microarchitectures and hardware-software contracts, focused on formalizing and mechanizing security reasoning about side-channel leakage. The core motivation is to provide a foundationally sound, modular, and mechanization-friendly alternative to prior model checking and pen-and-paper techniques, supporting interactive construction and verification of contract satisfaction proofs in a proof assistant (Rocq). This addresses key limitations of automation-centric approaches—such as black-box validation, weak guarantees, and scalability issues—while overcoming complexity and lack of verification in prior dense manual proofs.

In the context of microarchitectural side channels, hardware-software contracts capture an abstraction of a CPU’s observable leakage in terms of ISA-defined traces, enabling reasoning about program security at the ISA level without needing low-level microarchitectural details. Contract satisfaction ensures that the contract soundly over-approximates all leakage of the hardware: whenever the contract equates leakage of two program executions, the hardware must as well. However, the reasoning involves complex 4-ary relational properties between two contract and two hardware traces, often requiring asynchronous, non-lockstep reasoning due to possible semantic misalignments, diverging executions, and asynchronicity from speculation or out-of-order execution.

Formalization of Contract Satisfaction and Relative Trace Equality

Contract satisfaction is rigorously defined as a hyperproperty: for any program $P$ and states $\sigma, \sigma', \mu$, if the contract predicts identical leakage for $P$ on $\sigma$ and $\sigma'$, then the hardware must not distinguish between the executions starting from $(\sigma, \mu)$ and $(\sigma', \mu)$. This is formalized as a relational implication between two infinite traces produced by deterministic transition systems (for both contract and hardware semantics).

The authors generalize this reasoning into the problem of relative trace equality: determining, for two pairs of states (from contract and hardware), whether equality of contract traces implies equality of hardware traces. Classical coinductive bisimulation is insufficient for this 4-ary relational setting, especially when asynchronicity (e.g., speculation or instruction reordering) breaks lockstep correspondence between traces.
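To make the 4-ary hyperproperty concrete, the following added example (not from the paper's Rocq development) models a toy Spectre-style gadget `if i < N: y = a[i]` on a finite state space and checks contract satisfaction by enumeration rather than by proof. The sequential contract, the always-mispredict contract, the statically predicting CPU and the observation alphabet are all constructed here for illustration.

```python
from itertools import product

N = 4                                  # bound checked by the branch (constructed toy)
I_RANGE = range(0, 8)                  # architectural state sigma: the index register i
PREDICTORS = ("taken", "not_taken")    # microarchitectural state mu: a static prediction

# Observations are branch outcomes and load addresses; values are never leaked.

def seq_contract(sigma):
    """Sequential contract: leaks only what the ISA-level execution does."""
    i = sigma
    return [("branch", i < N)] + ([("load", i)] if i < N else [])

def am_contract(sigma):
    """Always-mispredict contract: the wrong branch direction is explored first
    and its leakage recorded, so the load address is observed either way."""
    i = sigma
    taken = i < N
    spec = [] if taken else [("load", i)]   # speculative (mispredicted) path
    arch = [("load", i)] if taken else []   # architectural path after resolution
    return spec + [("branch", taken)] + arch

def hardware(sigma, mu):
    """Toy speculating CPU: follows prediction mu, leaks along that path,
    then resolves the branch and follows the architectural path."""
    i = sigma
    taken = i < N
    mispredicted_taken = (mu == "taken") and not taken
    spec = [("load", i)] if mispredicted_taken else []
    arch = [("load", i)] if taken else []
    return spec + [("branch", taken)] + arch

def contract_satisfied(contract, hw, states, micro_states):
    """Bounded check of the hyperproperty on a finite state space:
    contract(s1) == contract(s2)  implies  hw(s1, mu) == hw(s2, mu).
    Returns None if it holds everywhere, else the first counterexample."""
    for s1, s2, mu in product(states, states, micro_states):
        if contract(s1) == contract(s2) and hw(s1, mu) != hw(s2, mu):
            return (s1, s2, mu)
    return None

if __name__ == "__main__":
    # The sequential contract under-approximates this CPU: i=4 and i=5 look
    # identical at the ISA level, but a taken-prediction leaks the address.
    print("seq:", contract_satisfied(seq_contract, hardware, I_RANGE, PREDICTORS))
    # The always-mispredict contract over-approximates it: no counterexample.
    print("am: ", contract_satisfied(am_contract, hardware, I_RANGE, PREDICTORS))
```

Enumeration only covers the finite space written down here; the paper's deductive system is what lifts such reasoning to infinite traces and unbounded state.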

Relative Bisimulation and the Deductive Proof System

The central technical contribution is the formalization of relative bisimulation: a coinductive-inductive relation that simultaneously and incrementally tracks contract and hardware traces, supporting both lockstep and non-lockstep advances in the two domains. The authors define a greatest fixpoint (for hardware steps) alternated with a least fixpoint (for contract steps), permitting asynchronous progression and incremental construction of relational invariants. This key insight allows for a sound and complete characterization of relative trace equality, as proven in the paper.

Using this foundation, the authors develop a deductive proof system based on parameterized coinduction (Paco) methodologies, formulating proof quintuples that represent proof states annotated with guarded (coinductive) and unguarded (inductive) hypotheses. The deductive system offers:

  • Step rules for progressing the proof on contract or hardware transitions, each with its corresponding guarded and unguarded phase.
  • An invariant rule for incrementally extending relational invariants.
  • Cycle and guard rules for concluding proofs when invariant hypotheses are re-encountered.
  • Mechanisms for supporting both lockstep and asynchrony, managing the proof’s alternation between induction and coinduction.

The system is proven sound and complete for contract satisfaction, yielding fully formalized and mechanizable proofs of relational hyperproperties.

Case Studies: Speculative and Out-of-Order Abstractions

The system is instantiated for two essential contract scenarios:

  1. Always-Mispredict Contract: This abstraction, crucial for modeling speculative execution vulnerabilities such as Spectre, is formalized and proven sound. The proof intricately handles the asynchronous mismatch when hardware correctly predicts branches while the contract always mispredicts, requiring non-lockstep reasoning within the deductive system. Invariants relate pairs of contract and hardware states, and proof steps leverage the full power of the system to incrementally traverse misaligned speculative windows.
  2. Sequential Contract for Out-of-Order Execution: Here, an abstraction layer models hardware that executes instructions out of order (with a one-instruction buffer), while the contract observes sequential ISA order. By proving contract satisfaction, the authors show that observable security properties are preserved even under out-of-order execution, provided certain commutativity/delayability conditions on instructions are met.

In both cases, proofs formalized in Rocq closely track the structure of the deductive system, enabling modular, reusable lemmas and efficient handling of the inherent asynchronicity found in realistic CPU models.

Up-To Techniques and Proof Optimization

To address practical scalability and modularity, the paper extends the deductive system with up-to techniques, leveraging the companion approach and generalized parameterized coinduction. Compatible up-to functions (e.g., up-to symmetries, equivalence classes, and transitivity) are shown to be safely integrable into the proof process, enabling more concise invariants and localized reasoning. These techniques are explicitly formalized and proven compatible with the underlying coinduction, save for certain transitive augmentations that require care due to non-symmetry.

Implications and Future Directions

The presented framework marks a significant advancement in foundational methods for hyperproperty reasoning in hardware security, particularly where side-channel leakage and microarchitectural effects must be formally controlled. By providing a sound, complete, and proof assistant–friendly deductive system, it substantially raises the rigor, auditability, and incremental verifiability of contract satisfaction proofs.

Numerical Results and Claims: The system has been operationalized in Rocq and used to complete mechanized proofs for two sophisticated contract scenarios (always-mispredict and out-of-order), with detailed invariant construction and stepwise reasoning. A strong claim is the completeness of the deductive system for relative trace equality, formally proved. The sound integration of up-to methods further increases its practicality.

Contradictions to Prior Approaches: The work departs from model-checking and automated invariant search, assuming instead human-guided, mechanized inductive/coinductive proof—leading to more foundational assurance at the cost of less automation, but supporting correctness down to the semantics level.

On the theoretical front, the characterization of contract satisfaction as relative bisimulation opens pathways to broader applications, such as verifying speculative noninterference (SNI) and information-preserving refinement, suggesting generalization of the framework to a wider class of 4-ary hyperproperties.

Future developments in AI and systems verification likely include extension to nondeterministic hardware models, richer forms of speculation (e.g., nested windows modeled with ghost state concepts), and development of high-level program logics or separation logics atop the deductive system to further improve modularity and abstraction capabilities in larger verification projects.

Conclusion

This paper establishes a formal, mechanization-oriented deductive system for contract satisfaction proofs in the context of hardware-software side-channel contracts, grounded in a new notion of relative bisimulation and parameterized coinductive reasoning. The approach is both theoretically robust and practically applicable, supporting mechanized proofs of key security contracts for modern CPU features, and extensible via up-to techniques for enhanced proof modularity. The framework sets a new standard for rigorous, sound, and incremental hardware contract validation, offering clear pathways for further expansion in AI and computer security research.
