85,829 research outputs found
Relational Parametricity and Separation Logic
Separation logic is a recent extension of Hoare logic for reasoning about
programs with references to shared mutable data structures. In this paper, we
provide a new interpretation of the logic for a programming language with
higher types. Our interpretation is based on Reynolds's relational
parametricity, and it provides a formal connection between separation logic and
data abstraction
Two for the Price of One: Lifting Separation Logic Assertions
Recently, data abstraction has been studied in the context of separation
logic, with noticeable practical successes: the developed logics have enabled
clean proofs of tricky challenging programs, such as subject-observer patterns,
and they have become the basis of efficient verification tools for Java
(jStar), C (VeriFast) and Hoare Type Theory (Ynot). In this paper, we give a
new semantic analysis of such logic-based approaches using Reynolds's
relational parametricity. The core of the analysis is our lifting theorems,
which give a sound and complete condition for when a true implication between
assertions in the standard interpretation entails that the same implication
holds in a relational interpretation. Using these theorems, we provide an
algorithm for identifying abstraction-respecting client-side proofs; the proofs
ensure that clients cannot distinguish two appropriately-related module
implementations
Permission-Based Separation Logic for Multithreaded Java Programs
This paper presents a program logic for reasoning about multithreaded
Java-like programs with dynamic thread creation, thread joining and reentrant
object monitors. The logic is based on concurrent separation logic. It is the
first detailed adaptation of concurrent separation logic to a multithreaded
Java-like language. The program logic associates a unique static access
permission with each heap location, ensuring exclusive write accesses and
ruling out data races. Concurrent reads are supported through fractional
permissions. Permissions can be transferred between threads upon thread
starting, thread joining, initial monitor entrancies and final monitor exits.
In order to distinguish between initial monitor entrancies and monitor
reentrancies, auxiliary variables keep track of multisets of currently held
monitors. Data abstraction and behavioral subtyping are facilitated through
abstract predicates, which are also used to represent monitor invariants,
preconditions for thread starting and postconditions for thread joining.
Value-parametrized types allow to conveniently capture common strong global
invariants, like static object ownership relations. The program logic is
presented for a model language with Java-like classes and interfaces, the
soundness of the program logic is proven, and a number of illustrative examples
are presented
Stone-Type Dualities for Separation Logics
Stone-type duality theorems, which relate algebraic and
relational/topological models, are important tools in logic because -- in
addition to elegant abstraction -- they strengthen soundness and completeness
to a categorical equivalence, yielding a framework through which both algebraic
and topological methods can be brought to bear on a logic. We give a systematic
treatment of Stone-type duality for the structures that interpret bunched
logics, starting with the weakest systems, recovering the familiar BI and
Boolean BI (BBI), and extending to both classical and intuitionistic Separation
Logic. We demonstrate the uniformity and modularity of this analysis by
additionally capturing the bunched logics obtained by extending BI and BBI with
modalities and multiplicative connectives corresponding to disjunction,
negation and falsum. This includes the logic of separating modalities (LSM), De
Morgan BI (DMBI), Classical BI (CBI), and the sub-classical family of logics
extending Bi-intuitionistic (B)BI (Bi(B)BI). We additionally obtain as
corollaries soundness and completeness theorems for the specific Kripke-style
models of these logics as presented in the literature: for DMBI, the
sub-classical logics extending BiBI and a new bunched logic, Concurrent Kleene
BI (connecting our work to Concurrent Separation Logic), this is the first time
soundness and completeness theorems have been proved. We thus obtain a
comprehensive semantic account of the multiplicative variants of all standard
propositional connectives in the bunched logic setting. This approach
synthesises a variety of techniques from modal, substructural and categorical
logic and contextualizes the "resource semantics" interpretation underpinning
Separation Logic amongst them
Predicate Abstraction for Linked Data Structures
We present Alias Refinement Types (ART), a new approach to the verification
of correctness properties of linked data structures. While there are many
techniques for checking that a heap-manipulating program adheres to its
specification, they often require that the programmer annotate the behavior of
each procedure, for example, in the form of loop invariants and pre- and
post-conditions. Predicate abstraction would be an attractive abstract domain
for performing invariant inference, existing techniques are not able to reason
about the heap with enough precision to verify functional properties of data
structure manipulating programs. In this paper, we propose a technique that
lifts predicate abstraction to the heap by factoring the analysis of data
structures into two orthogonal components: (1) Alias Types, which reason about
the physical shape of heap structures, and (2) Refinement Types, which use
simple predicates from an SMT decidable theory to capture the logical or
semantic properties of the structures. We prove ART sound by translating types
into separation logic assertions, thus translating typing derivations in ART
into separation logic proofs. We evaluate ART by implementing a tool that
performs type inference for an imperative language, and empirically show, using
a suite of data-structure benchmarks, that ART requires only 21% of the
annotations needed by other state-of-the-art verification techniques
A Stone-type Duality Theorem for Separation Logic Via its Underlying Bunched Logics
Stone-type duality theorems, which relate algebraic and relational/topological models, are important tools in logic because â in addition to elegant abstraction â they strengthen soundness and completeness to a categorical equivalence, yielding a framework through which both algebraic and topological methods can be brought to bear on a logic. We give a systematic treatment of Stone-type duality theorems for the structures that interpret bunched logics, starting with the weakest systems, recovering the familiar Boolean BI, and concluding with Separation Logic. Our results encompass all the known existing algebraic approaches to Separation Logic and prove them sound with respect to the standard store-heap semantics. We additionally recover soundness and completeness theorems of the specific truth-functional models of these logics as presented in the literature. This approach synthesises a variety of techniques from modal, substructural and categorical logic and contextualises the âresource semanticsâ interpretation underpinning Separation Logic amongst them. As a consequence, theory from those fields â as well as algebraic and topological methods â can be applied to both Separation Logic and the systems of bunched logics it is built upon. Conversely, the notion of indexed resource frame (generalizing the standard model of Separation Logic) and its associated completeness proof can easily be adapted to other non-classical predicate logics
Recommended from our members
Mechanized Verification with Sharing
We consider software verification of imperative programs by theorem proving in higher-order separation logic. Separation logic is quite effective for reasoning about tree-like data structures, but less so for data structures with more complex sharing patterns. This problem is compounded by some higher-order patterns, such as stateful iterators and visitors, where multiple clients need to share references into a data structure. We show how both styles of sharing can be achieved without sacrificing abstraction using mechanized reasoning about fractional permissions in Hoare Type Theory.Engineering and Applied Science
Exact Separation Logic
Over-approximating (OX) program logics, such as separation logic (SL), are
used for verifying properties of heap-manipulating programs: all terminating
behaviour is characterised, but established results and errors need not be
reachable. OX function specifications are thus incompatible with true
bug-finding supported by symbolic execution tools such as Pulse and Pulse-X. In
contrast, under-approximating (UX) program logics, such as incorrectness
separation logic, are used to find true results and bugs: established results
and errors are reachable, but there is no mechanism for understanding if all
terminating behaviour has been characterised.
We introduce exact separation logic (ESL), which provides fully-verified
function specifications compatible with both OX verification and UX true
bug-funding: all terminating behaviour is characterised, and all established
results and errors are reachable. We prove soundness for ESL with mutually
recursive functions, demonstrating, for the first time, function
compositionality for a UX logic. We show that UX program logics require subtle
definitions of internal and external function specifications compared with the
familiar definitions of OX logics. We investigate the expressivity of ESL and,
for the first time, explore the role of abstraction in UX reasoning by
verifying abstract ESL specifications of various data-structure algorithms. In
doing so, we highlight the difference between abstraction (hiding information)
and over-approximation (losing information). Our findings demonstrate that,
expectedly, abstraction cannot be used as freely in UX logics as in OX logics,
but also that it should be feasible to use ESL to provide tractable function
specifications for self-contained, critical code, which would then be used for
both verification and true bug-finding
- âŠ