梁红瑾,张昱,陈意云,李兆鹏,华保健

DOI: https://doi.org/10.3724/sp.j.1001.2010.03783

2010-01-01

Journal of Software

Abstract:A pointer logic is designed for a C-like programming language PointerC.The pointer logic is an extension of Hoare logic,and it uses the idea of precise alias analysis in pointer program verification to support safety verification of programs in which equality of pointers is well-regulated.This paper presents an extension to the pointer logic by introducing a set of uncertain-equality pointer access path sets,so as to reason in the extended pointer logic about properties of programs which manipulate data structures like directed graph in which equality of pointers is uncertain.

Wanyun Su,Zhilin Wu,Mihaela Sighireanu

2024-03-04

Abstract:Pointer arithmetic is widely used in low-level programs, e.g. memory allocators. The specification of such programs usually requires using pointer arithmetic inside inductive definitions to define the common data structures, e.g. heap lists in memory allocators. In this work, we investigate decision problems for SLAH, a separation logic fragment that allows pointer arithmetic inside inductive definitions, thus enabling specification of properties for programs manipulating heap lists. Pointer arithmetic inside inductive definitions is challenging for automated reasoning. We tackle this challenge and achieve decision procedures for both satisfiability and entailment of SLAH formulas. The crux of our decision procedure for satisfiability is to compute summaries of inductive definitions. We show that although the summary is naturally expressed as an existentially quantified non-linear arithmetic formula, it can actually be transformed into an equivalent linear arithmetic formula. The decision procedure for entailment, on the other hand, has to match and split the spatial atoms according to the arithmetic relation between address variables. We report on the implementation of these decision procedures and their good performance in solving problems issued from the verification of building block programs used in memory allocators.

Logic in Computer Science

Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.48550/arXiv.0912.4184

2009-12-21

Abstract:This paper presents an extension to Hoare logic for pointer program verification. First, the Logic for Partial Function (LPF) used by VDM is extended to specify memory access using pointers and memory layout of composite types. Then, the concepts of data-retrieve functions (DRF) and memory-scope functions (MSF) are introduced in this paper. People can define DRFs to retrieve abstract values from interconnected concrete data objects. The definition of the corresponding MSF of a DRF can be derived syntactically from the definition of the DRF. This MSF computes the set of memory units accessed when the DRF retrieves an abstract value. This memory unit set is called the memory scope of the abstract value. Finally, the proof rule of assignment statements in Hoare's logic is modified to deal with pointers. The basic idea is that a virtual value keeps unmodified as long as no memory unit in its scope is over-written. Another proof rule is added for memory allocation statements. The consequence rule and the rules for control-flow statements are slightly modified. They are essentially same as their original version in Hoare logic. An example is presented to show the efficacy of this logic. We also give some heuristics on how to verify pointer programs.

Logic in Computer Science

Liu Yijing,Qiu Zongyan

DOI: https://doi.org/10.1007/978-3-642-27269-1_6

2012-01-01

Abstract:We present a general storage model that reflects features of object oriented (OO) languages with pure reference semantics. Based on this model, we develop an OO Separation Logic (OOSL) to specify and verify OO programs. Many inference rules in the Separation Logic still hold in OOSL. Additionally, OOSL has certain properties important to OO reasoning. We introduce HoareTriple for a small OO language, and use the Schorr-Waite Marking Algorithm as a verification example.

Zhao Jianhua,Li Xuandong

DOI: https://doi.org/10.1007/978-3-642-39718-9_24

2013-01-01

Abstract:This paper presents an extension to Hoare Logic for pointer program verification. The main observation leading to this logic is that the value of an expression e depends only on the contents stored in a finite set of memory units. This set can be specified using another expression (called the memory scope of e) constructed syntactically from e. A set of construction rules are given in this paper for expressions which may contain recursive functions (predicates). It is also observed that the memory scope of e is a super set of the memory scope of the memory scope of e. Based on this, local reasoning can be supported using assertion variables which represent arbitrary assertions. Program-point-specific expressions are used to specify the relations between different program points. Another feature of this logic is that for formulas with no user-defined functions, the weakest-preconditions can be calculated w.r.t. assignments.

Tianyue Cao,Bowen Zhang,Zhao Jin,Yongzhi Cao,Hanpin Wang

DOI: https://doi.org/10.48550/arxiv.2301.06237

2023-01-01

Abstract: Separation logic and its variants can describe various properties on pointer programs. However, when it comes to properties on sequences, one may find it hard to formalize. To deal with properties on variable-length sequences and multilevel data structures, we propose sequence-heap separation logic which integrates sequences into logical reasoning on heap-manipulated programs. Quantifiers over sequence variables and singleton heap storing sequence (sequence singleton heap) are new members in our logic. Further, we study the satisfiability problem of two fragments. The propositional fragment of sequence-heap separation logic is decidable, and the fragment with 2 alternations on program variables and 1 alternation on sequence variables is undecidable. In addition, we explore boundaries between decidable and undecidable fragments of the logic with prenex normal form.

K. Tuncay Tekle,Yanhong A. Liu

DOI: https://doi.org/10.1017/S1471068416000405

2016-08-08

Abstract:Pointer analysis is a fundamental static program analysis for computing the set of objects that an expression can refer to. Decades of research has gone into developing methods of varying precision and efficiency for pointer analysis for programs that use different language features, but determining precisely how efficient a particular method is has been a challenge in itself. For programs that use different language features, we consider methods for pointer analysis using Datalog and extensions to Datalog. When the rules are in Datalog, we present the calculation of precise time complexities from the rules using a new algorithm for decomposing rules for obtaining the best complexities. When extensions such as function symbols and universal quantification are used, we describe algorithms for efficiently implementing the extensions and the complexities of the algorithms. This paper is under consideration for acceptance in TPLP.

Programming Languages,Computational Complexity,Logic in Computer Science

Bouillaguet Quentin,Bobot François,Sighireanu Mihaela,Yakobowski Boris

DOI: https://doi.org/10.48550/arXiv.1811.12515

2018-11-30

Abstract:Cooperation between verification methods is crucial to tackle the challenging problem of software verification. The paper focuses on the verification of C programs using pointers and it formalizes a cooperation between static analyzers doing pointer analysis and a deductive verification tool based on first order logic. We propose a framework based on memory models that captures the partitioning of memory inferred by pointer analyses, and complies with the memory models used to generate verification conditions. The framework guided us to propose a pointer analysis that accommodates to various low-level operations on pointers while providing precise information about memory partitioning to the deductive verification. We implemented this cooperation inside the Frama-C platform and we show its effectiveness in reducing the task of deductive verification on a complex case study.

Programming Languages

Taolue Chen,Fu Song,Zhilin Wu

DOI: https://doi.org/10.4230/lipics.concur.2017.37

2017-01-01

Abstract:In 2011, Cook et al. showed that the satisfiability and entailment can be checked in polynomial time for a fragment of separation logic that allows for reasoning about programs with pointers and linked lists. In this paper, we investigate whether the tractability results can be extended to more expressive fragments of separation logic that allow defining data structures beyond linked lists. To this end, we introduce separation logic with a simply-nonlinear compositional inductive predicate where source, destination, and static parameters are identified explicitly (SLID[snc]). We show that if the inductive predicate has more than one source (destination) parameter, the satisfiability problem for SLID[snc] becomes intractable in general. This is exemplified by an inductive predicate for doubly linked list segments. By contrast, if the inductive predicate has only one source (destination) parameter, the satisfiability and entailment problems for SLID[snc] are tractable. In particular, the tractability results hold for inductive predicates that define list segments with tail pointers and trees with one hole.

Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.48550/arXiv.1012.2553

2010-12-13

Abstract:This paper presents an extension to Hoare logic for pointer program verification. Logic formulas with user-defined recursive functions are used to specify properties on the program states before/after program executions. Three basic functions are introduced to represents memory access, record-field access and array-element access. Some axioms are introduced to specify these basic functions in our logic. The concept Memory Scope Function (MSF) is introduced in our logic. Given a recursive function $f$, the MSF of $f$ computes the set of memory units accessed during the evaluation of $f$. A set of rules are given to derive the definition of this MSF syntactically from the definition of $f$. As MSFs are also recursive functions, they also have their MSFs. An axiom is given to specify that an MSF contains its MSF. Based on this axiom, local reasoning is supported with predicate variables. Pre-state terms are used to specify the relations between pre-states and post-states. People can use pre-state terms in post-conditions to represents the values on the pre-state. The axiom of assignment statements in Hoare's logic is modified to deal with pointers. The basic idea is that during the program execution, a recursive function is evaluated to the same value as long as no memory unit in its memory scope is modified. Another proof rule is added for memory allocation statements. We use a simple example to show that our logic can deal with pointer programs in this paper. In the appendix, the Shorre-Waite algorithm is proved using our logic. We also use the selection-sort program to show that our logic can be used to prove program with indirectly-specified components.

Logic in Computer Science

Youngju Song,Minki Cho,Dongjae Lee,Chung-Kil Hur

DOI: https://doi.org/10.48550/arXiv.2109.02991

2021-09-07

Abstract:Contextual refinement and separation logics are successful verification techniques that are very different in nature. First, the former guarantees behavioral refinement between a concrete program and an abstract program while the latter guarantees safety of a concrete program under certain conditions (expressed in terms of pre and post conditions). Second, the former does not allow any assumption about the context when locally reasoning about a module while the latter allows rich assumptions. In this paper, we present a new verification technique, called abstraction logic (AL), that inherently combines contextual refinement and separation logics such as Iris and VST, thereby taking the advantages of both. Specifically, AL allows us to locally verify a concrete module against an abstract module under separation-logic-style pre and post conditions about external modules. AL are fully formalized in Coq and provides a proof mode that supports a combination of simulation-style reasoning using our own tactics and SL-style reasoning using IPM (Iris Proof Mode). Using the proof mode, we verified various examples to demonstrate reasoning about ownership (based on partial commutative monoids) and purity ($i.e.$, termination with no system call), cyclic and higher-order reasoning about mutual recursion and function pointers, and reusable and gradual verification via intermediate abstractions. Also, the verification results are combined with CompCert, so that we formally establish behavioral refinement from top-level abstract programs, all the way down to their assembly code.

Programming Languages

Frederik Lerbjerg Aagaard,Jonathan Sterling,Lars Birkedal

DOI: https://doi.org/10.46298/entics.12232

2023-11-18

Abstract:Separation logic is used to reason locally about stateful programs. State of the art program logics for higher-order store are usually built on top of untyped operational semantics, in part because traditional denotational methods have struggled to simultaneously account for general references and parametric polymorphism. The recent discovery of simple denotational semantics for general references and polymorphism in synthetic guarded domain theory has enabled us to develop TULIP, a higher-order separation logic over the typed equational theory of higher-order store for a monadic version of System F{mu,ref}. The Tulip logic differs from operationally-based program logics in two ways: predicates range over the meanings of typed terms rather than over the raw code of untyped terms, and they are automatically invariant under the equational congruence of higher-order store, which applies even underneath a binder. As a result, "pure" proof steps that conventionally require focusing the Hoare triple on an operational redex are replaced by a simple equational rewrite in Tulip. We have evaluated Tulip against standard examples involving linked lists in the heap, comparing our abstract equational reasoning with more familiar operational-style reasoning. Our main result is the soundness of Tulip, which we establish by constructing a BI-hyperdoctrine over the denotational semantics of F{mu,ref} in an impredicative version of synthetic guarded domain theory.

Programming Languages,Logic in Computer Science

Ira Fesefeldt,Joost-Pieter Katoen,Thomas Noll

2024-09-30

Abstract:In this paper, we develop a novel verification technique to reason about programs featuring concurrency, pointers and randomization. While the integration of concurrency and pointers is well studied, little is known about the combination of all three paradigms. To close this gap, we combine two kinds of separation logic -- Quantitative Separation Logic and Concurrent Separation Logic -- into a new separation logic that enables reasoning about lower bounds of the probability to realise a postcondition by executing such a program.

Logic in Computer Science,Programming Languages

Mehrnoosh Sadrzadeh,Roy Dyckhoff

DOI: https://doi.org/10.48550/arXiv.0903.2448

2009-03-24

Abstract:We consider a simple modal logic whose non-modal part has conjunction and disjunction as connectives and whose modalities come in adjoint pairs, but are not in general closure operators. Despite absence of negation and implication, and of axioms corresponding to the characteristic axioms of (e.g.) T, S4 and S5, such logics are useful, as shown in previous work by Baltag, Coecke and the first author, for encoding and reasoning about information and misinformation in multi-agent systems. For such a logic we present an algebraic semantics, using lattices with agent-indexed families of adjoint pairs of operators, and a cut-free sequent calculus. The calculus exploits operators on sequents, in the style of "nested" or "tree-sequent" calculi; cut-admissibility is shown by constructive syntactic methods. The applicability of the logic is illustrated by reasoning about the muddy children puzzle, for which the calculus is augmented with extra rules to express the facts of the muddy children scenario.

Logic in Computer Science,Multiagent Systems

Xincai Gu,Taolue Chen,Zhilin Wu

DOI: https://doi.org/10.1007/978-3-319-40229-1_36

2016-01-01

Abstract:Separation logic is a widely adopted formalism to verify programs manipulating dynamic data structures. Entailment checking of separation logic constitutes a crucial step for the verification of such programs. In general this problem is undecidable, hence only incomplete decision procedures are provided in most state-of-the-art tools. In this paper, we define a linearly compositional fragment of separation logic with inductive definitions, where traditional shape properties for linear data structures, as well as data constraints, e.g., the sortedness property and size constraints, can be specified in a unified framework. We provide complete decision procedures for both the satisfiability and the entailment problem, which are in NP and $$\\mathrm{\\varPi }^\\mathrm{P}_3$$ respectively.

Hongjin Liang,Yu Zhang,Yiyun Chen

2010-01-01

Abstract:Pointer programs remain a major challenge for program analysis and verification. Shape analysis can discover the shape invariants of data structures in the heap and detect errors about manipulating pointers in a program. This paper presents a shape analysis for linked list programs based on a new shape graph representation. Our shape graphs could describe unbounded data structures without loss of pointer information. A novel shape system is designed to help the shape analysis. The shape system contains a set of shape inference rules to deduce the shapes of the heap contents at each program point and a set of shape checking rules to find shape errors in pointer programs. In the shape system, programmers are expected to declare the shapes of the data structures constructed by recursive data types and to annotate each pointer variable with the shape of the objects which it should point to, so that compilers or other tools can check whether the programs have shape errors and generate loop invariants and even pre/post conditions for program verification. Keywords-Shape Graph, Loop Invariant Inference, Shape Analysis, Program Analysis, Pointer Logic

Noam Zilberstein,Angelina Saliling,Alexandra Silva

DOI: https://doi.org/10.1145/3649821

2024-03-14

Abstract:Separation logic's compositionality and local reasoning properties have led to significant advances in scalable static analysis. But program analysis has new challenges -- many programs display computational effects and, orthogonally, static analyzers must handle incorrectness too. We present Outcome Separation Logic (OSL), a program logic that is sound for both correctness and incorrectness reasoning in programs with varying effects. OSL has a frame rule -- just like separation logic -- but uses different underlying assumptions that open up local reasoning to a larger class of properties than can be handled by any single existing logic. Building on this foundational theory, we also define symbolic execution algorithms that use bi-abduction to derive specifications for programs with effects. This involves a new tri-abduction procedure to analyze programs whose execution branches due to effects such as nondeterministic or probabilistic choice. This work furthers the compositionality promised by separation logic by opening up the possibility for greater reuse of analysis tools across two dimensions: bug-finding vs verification in programs with varying effects.

Logic in Computer Science,Programming Languages

Richard Bornat,Jade Alglave,Matthew Parkinson

DOI: https://doi.org/10.48550/arXiv.1512.01416

2016-11-05

Abstract:We describe a program logic for weak memory (also known as relaxed memory). The logic is based on Hoare logic within a thread, and rely/guarantee between threads. It is presented via examples, giving proofs of many weak-memory litmus tests. It extends to coherence but not yet to synchronised assignment (compare-and-swap, load-logical/store-conditional). It deals with conditionals and loops but not yet arrays or heap. The logic uses a version of Hoare logic within threads, and a version of rely/guarantee between threads, with five stability rules to handle various kinds of parallelism (external, internal, propagation-free and two kinds of in-flight parallelism). There are $\mathbb{B}$ and $\mathbb{U}$ modalities to regulate propagation, and temporal modalities $\mathsf{since}$, $\mathbb{S}\mathsf{ofar}$ and $\mathbb{O}\mathsf{uat}$ to deal with global coherence (SC per location). The logic is presented by example. Proofs and unproofs of about thirty weak-memory examples, including many litmus tests in various guises, are dealt with in detail. There is a proof of a version of the token ring. In version 2: The correspondence with Herding Cats has been clarified. The stability rules have been simplified: in particular the sat and x= x tests have been eliminated from external stability checks. The embedding is simplified and has a more transparent relation to the mechanisms of the logic. Definitions of U, Sofar and Ouat have been considerably altered. The description of modalities and the treatment of termination has been reworked. Many proofs are reconstructed. A comprehensive summary of the logic is an appendix.

Logic in Computer Science

Yijing Liu,Quan Long,Qiu Zongyan

2009-01-01

Abstract:For the object oriented paradigm, providing a relatively rich model language equipped with formal semantics for practical reasoning is an important and long-standing open problem. In this work, μJava, a sufficient large subset of sequential Java is defined. An OO Separation Logic with pure reference semantic model is developed. Facilitated by this logic, the Weakest Precondition (WP) semantics for μJavais defined, and its soundness and completeness are proved. As far as we know, this is the first work on the completeness of such a semantics. Some key properties are shown still hold, especially the frame rule that is important for local reasoning. Additionally, we find some properties absent in the original Separation Logic, but important for OO reasoning. We introduce Hoare Triple based on the WP semantics. As the application and illustration of how the WP semantics serve the verification of OO programs, some examples are given, with the class invariant proof in a case study. We anticipate that this work would be helpful for the disciplines of OO software verification and refinement.

Zhang Chenghong,Hu Yunfa,Shi Baile

DOI: https://doi.org/10.1007/bf02943153

IF: 1.871

1997-01-01

Journal of Computer Science and Technology

Abstract:Based on the approach implementing a deductive object-oriented database system through the underlying relational database, this paper presents an object reasoning language O-Datalog, which is the extension of Datalog in form and can deal with object-oriented data. For any O-Datalog program, an equivalent Datalog program can be built to help evaluate the original program. This paper focuses on the syntax, semantics and evaluation of O-Datalog.