Model checking for symbolic-heap separation logic with inductive predicates

We investigate the model checking problem for symbolic-heap separation logic with user-defined inductive predicates, i.e., the problem of checking that a given stack-heap memory state satisfies a given formula in this language, as arises e.g. in software testing or runtime verification. First, we show that the problem is decidable; specifically, we present a bottom-up fixed point algorithm that decides the problem and runs in exponential time in the size of the problem instance. Second, we show that, while model checking for the full language is EXPTIME-complete, the problem becomes NP-complete or PTIME-solvable when we impose natural syntactic restrictions on the schemata defining the inductive predicates. We additionally present NP and PTIME algorithms for these restricted fragments. Finally, we report on the experimental performance of our procedures on a variety of specifications extracted from programs, exercising multiple combinations of syntactic restrictions

Model checking for symbolic-heap separation logic with inductive predicates

We investigate the *model checking* problem for symbolic-heap separation logic with user-defined inductive predicates, i.e., the problem of checking that a given stack-heap memory state satisfies a given formula in this language, as arises e.g. in software testing or runtime verification. First, we show that the problem is *decidable*; specifically, we present a bottom-up fixed point algorithm that decides the problem and runs in exponential time in the size of the problem instance. Second, we show that, while model checking for the full language is EXPTIME-complete, the problem becomes NP-complete or PTIME-solvable when we impose natural syntactic restrictions on the schemata defining the inductive predicates. We additionally present NP and PTIME algorithms for these restricted fragments. Finally, we report on the experimental performance of our procedures on a variety of specifications extracted from programs, exercising multiple combinations of syntactic restrictions

Binary Heaps Formally Verified in Why3

The VACID-0 benchmarks is a set of small programs which pose challenges for formal verification of their functional behavior. This paper reports on the formal verification of one of these challenges: binary heaps. The solution given here is performed using the Why3 environment for program verification. The expected behavior of the program is specified in Why3 logic, structured using the constructs for building hierarchies of theories provided by Why3. The proofs are achieved by a significant amount of automation, using SMT solvers for a large majority of the verification conditions generated, whereas the remaining verification conditions are discharged by interactive constructions of proof scripts using the Coq proof assistant. The general aim of this case study is to demonstrate the usability and efficiency of both the Why3 specification language and the accompanying tools, which offer a fairly advanced environment for specification while keeping a significant amount of automation of proofs.Les benchmarks VACID-0 forment une collection de petits programmes qui posent des défis pour la vérification formelle de leur comportement fonctionnel. Ce rapport présente la vérification formelle de l'un de ces exemples: les tas binaires. La solution présentée utilise l'environnement pour la vérification Why3. Le comportement attendu est spécifié dans la logique de Why3, de façon structurée grâce aux constructions hiérarchiques de théories proposées par Why3. Les preuves sont effectuées de façon largement automatiques, car les prouveurs SMT disponibles en sortie de Why3 résolvent un pourcentage significatif des obligations de preuves engendrées, le reste étant prouvé interactivement avec l'assistant de preuve Coq. La motivation de cette étude de cas est de démontrer l'utilisabilité et l'efficacité à la fois du langage de spécification de Why3 et des outils associés, qui fournissent un langage puissant de spécification tout en permettant une automatisation importante des preuves