3,616 research outputs found
A Complete Axiomatisation for Quantifier-Free Separation Logic
We present the first complete axiomatisation for quantifier-free separation
logic. The logic is equipped with the standard concrete heaplet semantics and
the proof system has no external feature such as nominals/labels. It is not
possible to rely completely on proof systems for Boolean BI as the concrete
semantics needs to be taken into account. Therefore, we present the first
internal Hilbert-style axiomatisation for quantifier-free separation logic. The
calculus is divided in three parts: the axiomatisation of core formulae where
Boolean combinations of core formulae capture the expressivity of the whole
logic, axioms and inference rules to simulate a bottom-up elimination of
separating connectives, and finally structural axioms and inference rules from
propositional calculus and Boolean BI with the magic wand
Resource Usage Protocols for Iterators
We discuss usage protocols for iterator objects that prevent concurrent modifications of the underlying collection while iterators are in progress. We formalize these protocols in Java-like object interfaces, enriched with separation logic contracts. We present examples of iterator clients and proofs that they adhere to the iterator protocol, as well as examples of iterator implementations and proofs that they implement the iterator interface
Witnessing the elimination of magic wands
This paper discusses static verification of programs that have been specified using separation logic with magic wands. Magic wands are used to specify incomplete resources in separation logic, i.e., if missing resources are provided, a magic wand allows one to exchange these for the completed resources. One of the applications of the magic wand operator is to describe loop invariants for algorithms that traverse a data structure, such as the imperative version of the tree delete problem (Challenge 3 from the VerifyThis@FM2012 Program Verification Competition), which is the motivating example for our work.\ud
\ud
Most separation logic based static verification tools do not provide support for magic wands, possibly because validity of formulas containing the magic wand is, by itself, undecidable. To avoid this problem, in our approach the program annotator has to provide a witness for the magic wand, thus circumventing undecidability due to the use of magic wands. A witness is an object that encodes both instructions for the permission exchange that is specified by the magic wand and the extra resources needed during that exchange. We show how this witness information is used to encode a specification with magic wands as a specification without magic wands. Concretely, this approach is used in the VerCors tool set: annotated Java programs are encoded as Chalice programs. Chalice then further translates the program to BoogiePL, where appropriate proof obligations are generated. Besides our encoding of magic wands, we also discuss the encoding of other aspects of annotated Java programs into Chalice, and in particular, the encoding of abstract predicates with permission parameters. We illustrate our approach on the tree delete algorithm, and on the verification of an iterator of a linked list
The Complexity of Prenex Separation Logic with One Selector
We first show that infinite satisfiability can be reduced to finite
satisfiability for all prenex formulas of Separation Logic with
selector fields (\seplogk{k}). Second, we show that this entails the
decidability of the finite and infinite satisfiability problem for the class of
prenex formulas of \seplogk{1}, by reduction to the first-order theory of one
unary function symbol and unary predicate symbols. We also prove that the
complexity is not elementary, by reduction from the first-order theory of one
unary function symbol. Finally, we prove that the Bernays-Sch\"onfinkel-Ramsey
fragment of prenex \seplogk{1} formulae with quantifier prefix in the
language is \pspace-complete. The definition of a complete
(hierarchical) classification of the complexity of prenex \seplogk{1},
according to the quantifier alternation depth is left as an open problem
Permission-Based Separation Logic for Multithreaded Java Programs
This paper presents a program logic for reasoning about multithreaded
Java-like programs with dynamic thread creation, thread joining and reentrant
object monitors. The logic is based on concurrent separation logic. It is the
first detailed adaptation of concurrent separation logic to a multithreaded
Java-like language. The program logic associates a unique static access
permission with each heap location, ensuring exclusive write accesses and
ruling out data races. Concurrent reads are supported through fractional
permissions. Permissions can be transferred between threads upon thread
starting, thread joining, initial monitor entrancies and final monitor exits.
In order to distinguish between initial monitor entrancies and monitor
reentrancies, auxiliary variables keep track of multisets of currently held
monitors. Data abstraction and behavioral subtyping are facilitated through
abstract predicates, which are also used to represent monitor invariants,
preconditions for thread starting and postconditions for thread joining.
Value-parametrized types allow to conveniently capture common strong global
invariants, like static object ownership relations. The program logic is
presented for a model language with Java-like classes and interfaces, the
soundness of the program logic is proven, and a number of illustrative examples
are presented
Witnessing the elimination of magic wands
This paper discusses the use and verification of magic wands. Magic wands are used to specify incomplete resources in separation logic, i.e., if missing resources are provided, a magic wand allows one to exchange these for the completed resources. We show how the magic wand operator is suitable to describe loop invariants for algorithms that traverse a data structure, such as the imperative version of the tree delete problem (Challenge 3 from the VerifyThis@FM2012 Program Verification Competition). Most separation-logic-based verification tools do not provide support for magic wands, possibly because validity of formulas containing the magic wand is, by itself, undecidable. To avoid this problem, in our approach the program annotator has to provide a witness for the magic wand, thus circumventing undecidability due to the use of magic wands. We show how this witness information is used to encode a specification with magic wands as a specification without magic wands. Concretely this approach is used in the VerCors tool set: annotated Java programs are encoded as Chalice programs. Chalice then further translates the program to BoogiePL, where appropriate proof obligations are generated. Besides our encoding of magic wands, we also discuss the encoding of other aspects of annotated Java programs into Chalice, and in particular, the encoding of abstract predicates with permission parameters. We illustrate our approach on the tree delete algorithm, and on the verification of an iterator of a linked list
Completeness for a First-order Abstract Separation Logic
Existing work on theorem proving for the assertion language of separation
logic (SL) either focuses on abstract semantics which are not readily available
in most applications of program verification, or on concrete models for which
completeness is not possible. An important element in concrete SL is the
points-to predicate which denotes a singleton heap. SL with the points-to
predicate has been shown to be non-recursively enumerable. In this paper, we
develop a first-order SL, called FOASL, with an abstracted version of the
points-to predicate. We prove that FOASL is sound and complete with respect to
an abstract semantics, of which the standard SL semantics is an instance. We
also show that some reasoning principles involving the points-to predicate can
be approximated as FOASL theories, thus allowing our logic to be used for
reasoning about concrete program verification problems. We give some example
theories that are sound with respect to different variants of separation logics
from the literature, including those that are incompatible with Reynolds's
semantics. In the experiment we demonstrate our FOASL based theorem prover
which is able to handle a large fragment of separation logic with heap
semantics as well as non-standard semantics.Comment: This is an extended version of the APLAS 2016 paper with the same
titl
- …