biabduction and related problems in array separation logic
play

Biabduction (and Related Problems) in Array Separation Logic James - PowerPoint PPT Presentation

Nov 23, 2022 •221 likes •1.14k views

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

  1. Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19

  2. Compositional proofs in separation logic (1) • Separation logic is based on Hoare triples { A } C { B } , where C is a program and A , B are formulas. 2/ 19

  3. Compositional proofs in separation logic (1) • Separation logic is based on Hoare triples { A } C { B } , where C is a program and A , B are formulas. • Its compositional nature, the key to scalable analysis, is supported by two main pillars. 2/ 19

  4. Compositional proofs in separation logic (1) • Separation logic is based on Hoare triples { A } C { B } , where C is a program and A , B are formulas. • Its compositional nature, the key to scalable analysis, is supported by two main pillars. • The first pillar is the soundness of the following frame rule: { A } C { B } (Frame) { A ∗ F } C { B ∗ F } where the separating conjunction ∗ is read, intuitively, as “and separately in memory” . 2/ 19

  5. Compositional proofs in separation logic (2) • The second pillar is given by solving the biabduction problem: 3/ 19

  6. Compositional proofs in separation logic (2) • The second pillar is given by solving the biabduction problem: given formulas A and B , find formulas X , Y with A ∗ X | = B ∗ Y , and A ∗ X is satisfiable. 3/ 19

  7. Compositional proofs in separation logic (2) • The second pillar is given by solving the biabduction problem: given formulas A and B , find formulas X , Y with A ∗ X | = B ∗ Y , and A ∗ X is satisfiable. • Then, if we have { A ′ } C 1 { A } and { B } C 2 { B ′ } , we can infer a spec for C 1 ; C 2 : 3/ 19

  8. Compositional proofs in separation logic (2) • The second pillar is given by solving the biabduction problem: given formulas A and B , find formulas X , Y with A ∗ X | = B ∗ Y , and A ∗ X is satisfiable. • Then, if we have { A ′ } C 1 { A } and { B } C 2 { B ′ } , we can infer a spec for C 1 ; C 2 : { A ′ } C 1 { A } (Frame) { A ′ ∗ X } C 1 { A ∗ X } { B } C 2 { B ′ } ( | =) (Frame) { A ′ ∗ X } C 1 { B ∗ Y } { B ∗ Y } C 2 { B ′ ∗ Y } (;) { A ′ ∗ X } C 1 ; C 2 { B ′ ∗ Y } 3/ 19

  9. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F 4/ 19

  10. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F • t 1 �→ t 2 (“points-to”) denotes a pointer in the heap. 4/ 19

  11. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F • t 1 �→ t 2 (“points-to”) denotes a pointer in the heap. • ls( t 1 , t 2 ) denotes a linked list segment in the heap. 4/ 19

  12. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F • t 1 �→ t 2 (“points-to”) denotes a pointer in the heap. • ls( t 1 , t 2 ) denotes a linked list segment in the heap. • ∗ (“and separately”) demarks domain-disjoint heaps. 4/ 19

  13. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F • t 1 �→ t 2 (“points-to”) denotes a pointer in the heap. • ls( t 1 , t 2 ) denotes a linked list segment in the heap. • ∗ (“and separately”) demarks domain-disjoint heaps. • Symbolic heaps given by ∃ x . Π : F . 4/ 19

  14. Array separation logic, ASL • Here we focus on a different data structure, namely arrays. 5/ 19

  15. Array separation logic, ASL • Here we focus on a different data structure, namely arrays. • Terms t , pure formulas Π and spatial formulas F given by: t ::= x ∈ Var | n ∈ N | t + t Π ::= t = t | t � = t | t ≤ t | t < t | Π ∧ Π F ::= emp | t �→ t | array( t , t ) | F ∗ F 5/ 19

  16. Array separation logic, ASL • Here we focus on a different data structure, namely arrays. • Terms t , pure formulas Π and spatial formulas F given by: t ::= x ∈ Var | n ∈ N | t + t Π ::= t = t | t � = t | t ≤ t | t < t | Π ∧ Π F ::= emp | t �→ t | array( t , t ) | F ∗ F • array( t 1 , t 2 ) denotes an array from t 1 to t 2 (inclusive): t 2 − t 1 +1 � �� � · · · . . . · · · t 1 t 2 5/ 19

  17. Array separation logic, ASL • Here we focus on a different data structure, namely arrays. • Terms t , pure formulas Π and spatial formulas F given by: t ::= x ∈ Var | n ∈ N | t + t Π ::= t = t | t � = t | t ≤ t | t < t | Π ∧ Π F ::= emp | t �→ t | array( t , t ) | F ∗ F • array( t 1 , t 2 ) denotes an array from t 1 to t 2 (inclusive): t 2 − t 1 +1 � �� � · · · . . . · · · t 1 t 2 • We also allow linear arithmetic in the pure part. 5/ 19

  18. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. 6/ 19

  19. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 6/ 19

  20. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 s , h | = emp ⇔ h = e s , h | = t 1 �→ t 2 ⇔ dom ( h ) = { s ( t 1 ) } and h ( s ( t 1 )) = s ( t 2 ) 6/ 19

  21. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 s , h | = emp ⇔ h = e s , h | = t 1 �→ t 2 ⇔ dom ( h ) = { s ( t 1 ) } and h ( s ( t 1 )) = s ( t 2 ) s , h | = array( t 1 , t 2 ) ⇔ s ( t 1 ) ≤ s ( t 2 ) and dom ( h ) = { s ( t 1 ) , . . . , s ( t 2 ) } 6/ 19

  22. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 s , h | = emp ⇔ h = e s , h | = t 1 �→ t 2 ⇔ dom ( h ) = { s ( t 1 ) } and h ( s ( t 1 )) = s ( t 2 ) s , h | = array( t 1 , t 2 ) ⇔ s ( t 1 ) ≤ s ( t 2 ) and dom ( h ) = { s ( t 1 ) , . . . , s ( t 2 ) } s , h | = F 1 ∗ F 2 ⇔ h = h 1 ◦ h 2 and s , h 1 | = F 1 and s , h 2 | = F 2 6/ 19

  23. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 s , h | = emp ⇔ h = e s , h | = t 1 �→ t 2 ⇔ dom ( h ) = { s ( t 1 ) } and h ( s ( t 1 )) = s ( t 2 ) s , h | = array( t 1 , t 2 ) ⇔ s ( t 1 ) ≤ s ( t 2 ) and dom ( h ) = { s ( t 1 ) , . . . , s ( t 2 ) } s , h | = F 1 ∗ F 2 ⇔ h = h 1 ◦ h 2 and s , h 1 | = F 1 and s , h 2 | = F 2 s , h | = ∃ z . Π : F ⇔ ∃ v . s [ z �→ v ] , h | = Π and s [ z �→ v ] , h | = F 6/ 19

  24. Motivating example Suppose we have procedure foo with spec { array( c , d ) } foo ( c , d ) { Q } 7/ 19

  25. Motivating example Suppose we have procedure foo with spec { array( c , d ) } foo ( c , d ) { Q } Now, consider code C ; foo ( c , d ); . . . , with spec for C { emp } C { array( a , b ) } 7/ 19

  26. Motivating example Suppose we have procedure foo with spec { array( c , d ) } foo ( c , d ) { Q } Now, consider code C ; foo ( c , d ); . . . , with spec for C { emp } C { array( a , b ) } By solving the biabduction problem array( a , b ) ∗ X | = array( c , d ) ∗ Y we get a valid spec { X } C ; foo ( c , d ) { Q ∗ Y } . 7/ 19

  27. Motivating example Suppose we have procedure foo with spec { array( c , d ) } foo ( c , d ) { Q } Now, consider code C ; foo ( c , d ); . . . , with spec for C { emp } C { array( a , b ) } By solving the biabduction problem array( a , b ) ∗ X | = array( c , d ) ∗ Y we get a valid spec { X } C ; foo ( c , d ) { Q ∗ Y } . Spatially minimal, and incomparable, solutions include: X := a = c ∧ b = d : emp and Y := emp X := d < a : array( c , d ) and Y := array( a , b ) X := a < c ∧ b < d : emp and Y := array( a , c − 1) ∗ array( b + 1 , d ) X := a < c < b < d : array( b + 1 , d ) and Y := array( a , c − 1) 7/ 19

Recommend

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Logic Summer School, ANU, 7 December 2015 1/ 19

789 views • 63 slides
Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St January 14, 2020 1 LSV, CNRS, ENS Paris-Saclay 2 I3S, Universit e C ote dAzur Separation Logic 99 Logic of Bunched Implication ( BI ) [P.

310 views • 27 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max Kanovich 2 1 Imperial College London 2 Queen Mary University of London LICS-25, University of Edinburgh, 12 July 2010 Separation logic (Reynolds,

1.11k views • 31 slides
Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri CNRS Marie Curie Fellow Yorktown Heights, March 2015 In Memoriam: Morgan Deters 2 Overview Separation Logic in a Nutshell 1 2 Expressive

915 views • 55 slides
Field Programmable Gate Array - What is it? 2D array of logic blocks surrounded by a

Field Programmable Gate Array - What is it? 2D array of logic blocks surrounded by a

Field Programmable Gate Array - What is it? 2D array of logic blocks surrounded by a interconnection matrix and I/O Fundamental Structure Altera Cyclone IV Programmable, but not in the usual sense Programmed with a bit file loaded into

850 views • 5 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Oracle Labs, Brisbane, 4 December 2015 1/ 19

291 views • 27 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa, Aquinas Hobor and John Wickerson IRIS Day OScience, Coronavirus Lockdown Edition Tuesday 7th April, 2020 1/ 13 Concurrent separation logic (

164 views • 13 slides
On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18 Warsaw, October 2018 The blossom of separation logics Separation logic: extension of Hoare-Floyd logic for (concurrent) programs with mutable data

642 views • 48 slides
Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics

Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics

Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics Group Dept. of Comp. Science, Aarhus University (Joint work with J. Bengtson, J.B. Jensen, H. Mehnert, P . Sestoft, F . Sieczkowski) April 2013

499 views • 34 slides
Undecidability of propositional separation logic and its neighbours James Brotherston Computer

Undecidability of propositional separation logic and its neighbours James Brotherston Computer

Undecidability of propositional separation logic and its neighbours James Brotherston Computer Science Seminar Institute of Cybernetics, Tallinn University of Technology 17 Nov 2011 1/ 27 Outline 1. An overview of propositional separation

948 views • 76 slides
Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction In the previous lectures, we have considered a language, WHILE , where mutability only concerned program

734 views • 57 slides
Arrays 7 January 2019 OSU CSE 1 Array An array is a group of similar variables, all of the

Arrays 7 January 2019 OSU CSE 1 Array An array is a group of similar variables, all of the

Arrays 7 January 2019 OSU CSE 1 Array An array is a group of similar variables, all of the same type, and with systematically related names that involve special syntax using [] Each array element , e.g., a[0] , a[1] , , acts

353 views • 21 slides
Computational Logic Abstract Interpretation of Logic Programs 1 Introduction [Material partly

Computational Logic Abstract Interpretation of Logic Programs 1 Introduction [Material partly

Computational Logic Abstract Interpretation of Logic Programs 1 Introduction [Material partly from Cousot, Nielson, Gallagher, Sondergaard, Bruynooghe, and others] Many CS problems related to program analysis / synthesis Prove that some

915 views • 50 slides
Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that

Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that

Introduction Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that Separation Logic is based on. This lecture will Kasper Svendsen University of Cambridge introduce a formal proof system for Separation

740 views • 10 slides
A Separation Logic for Non-determinism and Sequence Points in C Formalized in Coq Robbert

A Separation Logic for Non-determinism and Sequence Points in C Formalized in Coq Robbert

A Separation Logic for Non-determinism and Sequence Points in C Formalized in Coq Robbert Krebbers Radboud University Nijmegen May 14, 2014 @ TYPES, Paris, France 1 What is this program supposed to do? int main() { int x; int y = (x = 3) +

378 views • 16 slides
Microphone Array Post-Filter for Separation of Simultaneous Non- Stationary Sources Jean-Marc

Microphone Array Post-Filter for Separation of Simultaneous Non- Stationary Sources Jean-Marc

Microphone Array Post-Filter for Separation of Simultaneous Non- Stationary Sources Jean-Marc Valin , Jean Rouat, Franois Michaud Department of Electrical Engineering and Computer Engineering Universit de Sherbrooke, Qubec, Canada

283 views • 15 slides
A case for relaxed program logics Separation logic as a tool for

A case for relaxed program logics Separation logic as a tool for

A case for relaxed program logics Separation logic as a tool for understanding and debugging the C/C++ concurrency model Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

304 views • 13 slides

More recommend