318,815 research outputs found
Permission-Based Separation Logic for Multithreaded Java Programs
This paper presents a program logic for reasoning about multithreaded
Java-like programs with dynamic thread creation, thread joining and reentrant
object monitors. The logic is based on concurrent separation logic. It is the
first detailed adaptation of concurrent separation logic to a multithreaded
Java-like language. The program logic associates a unique static access
permission with each heap location, ensuring exclusive write accesses and
ruling out data races. Concurrent reads are supported through fractional
permissions. Permissions can be transferred between threads upon thread
starting, thread joining, initial monitor entrancies and final monitor exits.
In order to distinguish between initial monitor entrancies and monitor
reentrancies, auxiliary variables keep track of multisets of currently held
monitors. Data abstraction and behavioral subtyping are facilitated through
abstract predicates, which are also used to represent monitor invariants,
preconditions for thread starting and postconditions for thread joining.
Value-parametrized types allow to conveniently capture common strong global
invariants, like static object ownership relations. The program logic is
presented for a model language with Java-like classes and interfaces, the
soundness of the program logic is proven, and a number of illustrative examples
are presented
Foundations for decision problems in separation logic with general inductive predicates
Abstract. We establish foundational results on the computational com-plexity of deciding entailment in Separation Logic with general induc-tive predicates whose underlying base language allows for pure formulas, pointers and existentially quantified variables. We show that entailment is in general undecidable, and ExpTime-hard in a fragment recently shown to be decidable by Iosif et al. Moreover, entailment in the base language is Î P2-complete, the upper bound even holds in the presence of list predicates. We additionally show that entailment in essentially any fragment of Separation Logic allowing for general inductive predicates is intractable even when strong syntactic restrictions are imposed.
A General Approach to Under-Approximate Reasoning About Concurrent Programs
There is a large body of work on concurrent reasoning including Rely-Guarantee (RG) and Concurrent Separation Logics. These theories are over-approximate: a proof identifies a superset of program behaviours and thus implies the absence of certain bugs. However, failure to find a proof does not imply their presence (leading to false positives in over-approximate tools). We describe a general theory of under-approximate reasoning for concurrency. Our theory incorporates ideas from Concurrent Incorrectness Separation Logic and RG based on a subset rather than a superset of interleavings. A strong motivation of our work is detecting software exploits; we do this by developing concurrent adversarial separation logic (CASL), and use CASL to detect information disclosure attacks that uncover sensitive data (e.g. passwords) and out-of-bounds attacks that corrupt data. We also illustrate our approach with classic concurrency idioms that go beyond prior under-approximate theories which we believe can inform the design of future concurrent bug detection tools
Staged Specifications for Automated Verification of Higher-Order Imperative Programs
Higher-order functions and imperative references are language features
supported by many mainstream languages. Their combination enables the ability
to package references to code blocks with the captured state from their
environment. Higher-order imperative programs are expressive and useful, but
complicate formal specification and reasoning due to the use of
yet-to-be-instantiated function parameters, especially when their invocations
may mutate memory captured by or reachable from their arguments.
Existing state-of-the-art works for verifying higher-order imperative
behaviors are restricted in two ways: achieving strong theoretical results
without automated implementations, or achieving automation with the help of
strong assumptions from dedicated type systems (e.g. Rust). To enable an
automated verification solution for imperative languages without the above
restrictions, we introduce Higher-order Staged Separation Logic (HSSL), an
extension of Hoare logic for call-by-value higher-order functions with ML-like
local references.
In this paper, we design a novel staged specification logic, prove its
soundness, develop a new automated higher-order verifier, Heifer, for a core
OCaml-like language, report on experimental results, and present various case
studies investigating its capabilities
Leaf: Modularity for Temporary Sharing in Separation Logic (Extended Version)
In concurrent verification, separation logic provides a strong story for
handling both resources that are owned exclusively and resources that are
shared persistently (i.e., forever). However, the situation is more complicated
for temporarily shared state, where state might be shared and then later
reclaimed as exclusive. We believe that a framework for temporarily-shared
state should meet two key goals not adequately met by existing techniques. One,
it should allow and encourage users to verify new sharing strategies. Two, it
should provide an abstraction where users manipulate shared state in a way
agnostic to the means with which it is shared.
We present Leaf, a library in the Iris separation logic which accomplishes
both of these goals by introducing a novel operator, which we call guarding,
that allows one proposition to represent a shared version of another. We
demonstrate that Leaf meets these two goals through a modular case study: we
verify a reader-writer lock that supports shared state, and a hash table built
on top of it that uses shared state
Approximate formulae for a logic that capture classes of computational complexity
This is a pre-copy-editing, author-produced PDF of an article accepted for publication in Logic Journal of IGPL following peer review. The definitive publisher-authenticated version Arratia, Argimiro; Ortiz, Carlos E. Approximate formulae for a logic that capture classes of computational complexity. Logic Journal of IGPL, 2009, vol. 17, p. 131-154 is available online at: http://jigpal.oxfordjournals.org/cgi/reprint/17/1/131?maxtoshow=&hits=10&RESULTFORMAT=&fulltext=Approximate+formulae+for+a+logic+that+capture+classes+of+computational+complexity&searchid=1&FIRSTINDEX=0&resourcetype=HWCITThis paper presents a syntax of approximate formulae suited for the logic with counting quantifiers SOLP. This logic was formalised by us in [1] where, among other properties, we showed the following facts: (i) In the presence of a built–in (linear) order, SOLP can describe NP–complete problems and some of its fragments capture the classes P and NL; (ii) weakening the ordering relation to
an almost order we can separate meaningful fragments, using a combinatorial tool
adapted to these languages.
The purpose of our approximate formulae is to provide a syntactic approximation
to the logic SOLP, enhanced with a built-in order, that should be complementary of the semantic approximation based on almost orders, by means of producing logics where problems are syntactically described within a small counting error. We introduce a concept of strong expressibility based on approximate formulae, and show that for many fragments of SOLP with built-in order, including ones that capture P and NL, expressibility and strong expressibility are
equivalent. We state and prove a Bridge Theorem that links expressibility in
fragments of SOLP over almost-ordered structures to strong expressibility with
respect to approximate formulae for the corresponding fragments over ordered
structures. A consequence of these results is that proving inexpressibility over
fragments of SOLP with built-in order could be done by proving inexpressibility
over the corresponding fragments with built-in almost order, where separation
proofs are allegedly easier.Peer ReviewedPostprint (author’s final draft
- …