program proofs in hybrid separation logic
play

Program Proofs in Hybrid Separation Logic Armal Guneau & Jules - PowerPoint PPT Presentation

Sep 03, 2022 •467 likes •985 views

I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION Program Proofs in Hybrid Separation Logic Armal Guneau & Jules Villard Imperial College of London & ENS Lyon 4th

  1. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION Program Proofs in Hybrid Separation Logic Armaël Guéneau & Jules Villard Imperial College of London & ENS Lyon 4th September 2014 Armaël Guéneau Program Proofs in Hybrid Separation Logic 1/31

  2. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION I NTRODUCTION General field of study: imperative programs verification. § We want to prove specifications, as Hoare triples: t P u c t Q u § We are also interested in memory safety An existing framework: Separation logic § Assertions P , Q describe memory heaps § An additional inference rule for triples § Proving a specification requires memory safety Armaël Guéneau Program Proofs in Hybrid Separation Logic 2/31

  3. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION O UTLINE OF THIS TALK § Let’s play with separation logic: a motivational example § Introducing hybrid separation logic § Can we do nicer proofs of our example using it? § Can we automate these proofs? Armaël Guéneau Program Proofs in Hybrid Separation Logic 3/31

  4. A MOTIVATIONAL EXAMPLE : copytree

  5. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] struct tree { tree* copytree(tree* x) { int val; if (x == NULL) tree* l; return x; tree* r; }; tree* l’ = copytree(x->l); tree* r’ = copytree(x->r); tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; What specification for return x’; copytree? } Armaël Guéneau Program Proofs in Hybrid Separation Logic 5/31

  6. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] A FIRST SPECIFICATION Separating conjunction ô P 1 › P 2 P 1 P 2 t tree x u x’ = copytree(x) t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 6/31

  7. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] A FIRST SPECIFICATION x ÞÑ a , b , c : emp : the empty heap ” pD l , r : x ÞÑ val , l , r › tree l › tree r q tree x _p x = 0 ^ emp q Armaël Guéneau Program Proofs in Hybrid Separation Logic 7/31

  8. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; tree* l’ = copytree(x->l); tree* r’ = copytree(x->r); tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  9. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; // t x ÞÑ val , l , r › tree l › tree r u tree* l’ = copytree(x->l); // t x ÞÑ val , l , r › tree l › tree r › tree l 1 u t P u c t Q u tree* r’ = copytree(x->r); Frame t P › R u c t Q › R u tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  10. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; // t x ÞÑ val , l , r › tree l › tree r u // � t tree l u tree* l’ = copytree(x->l); // � t tree l › tree l 1 u // t x ÞÑ val , l , r › tree l › tree r › tree l 1 u t P u c t Q u tree* r’ = copytree(x->r); Frame t P › R u c t Q › R u tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  11. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; // t x ÞÑ val , l , r › tree l › tree r u // � t tree l u tree* l’ = copytree(x->l); // � t tree l › tree l 1 u // t x ÞÑ val , l , r › tree l › tree r › tree l 1 u tree* r’ = copytree(x->r); // t x ÞÑ val , l , r › tree l › tree r › tree l 1 › tree r 1 u tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  12. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; // t x ÞÑ val , l , r › tree l › tree r u // � t tree l u tree* l’ = copytree(x->l); // � t tree l › tree l 1 u // t x ÞÑ val , l , r › tree l › tree r › tree l 1 u tree* r’ = copytree(x->r); // t x ÞÑ val , l , r › tree l › tree r › tree l 1 › tree r 1 u tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; // t x ÞÑ val , l , r › tree l › tree r › x 1 ÞÑ val , l 1 , r 1 › tree l 1 › tree r 1 u return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  13. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] In fact, copytree also works on dags (directed acyclic graphs). dag x ” D l , r : x ÞÑ val , l , r › p dag l ?? dag r q _p x = 0 ^ emp q Armaël Guéneau Program Proofs in Hybrid Separation Logic 9/31

  14. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] T ALKING ABOUT OVERLAPPING HEAPS Overlapping conjunction P 1 ô P 1 Y › P 2 P 2 Armaël Guéneau Program Proofs in Hybrid Separation Logic 10/31

  15. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] W HAT DEFINITION OF dag x ? dag x ” D l , r : x ÞÑ val , l , r › p dag l Y › dag r q _p x = 0 ^ emp q Armaël Guéneau Program Proofs in Hybrid Separation Logic 11/31

  16. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] t dag x u x’ = copytree(x) t dag x › tree x 1 u We cannot prove this specification. // t x ÞÑ val , l , r › p dag l Y › dag r qu tree* l’ = copytree(x->l); › dag r q › tree l 1 u // t x ÞÑ val , l , r › p dag l Y Armaël Guéneau Program Proofs in Hybrid Separation Logic 12/31

  17. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] t dag x u x’ = copytree(x) t dag x › tree x 1 u We cannot prove this specification. // t x ÞÑ val , l , r › p dag l Y › dag r qu // � t dag l u tree* l’ = copytree(x->l); // � t dag l › tree l 1 u › dag r q › tree l 1 u // t x ÞÑ val , l , r › p dag l Y Armaël Guéneau Program Proofs in Hybrid Separation Logic 12/31

  18. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] Solution idea from Reynolds [Rey02]: use an assertion variable that implicitly quantifies over properties on the heap. t p ^ dag τ x u x’ Ð copytree(x) t p › tree τ x u § Has a taste of second-order logic § Overkill? Armaël Guéneau Program Proofs in Hybrid Separation Logic 13/31

  19. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] Solution from Hobor & Villard [HobVill13]: § Very precise dag predicate (parametrized by a mathematical view of the dag) § Prove functional correctness § Ramification instead of frame rule + heavy semantic proofs Armaël Guéneau Program Proofs in Hybrid Separation Logic 14/31

  20. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE Automated reasoning requires a much simpler reasoning. To talk about preserving parts of the heap, we can use labels ! (think heap variables ) Armaël Guéneau Program Proofs in Hybrid Separation Logic 15/31

  21. H YBRID S EPARATION L OGIC : SEPARATION LOGIC + LABELS

  22. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION I NTRODUCING THE HYBRID SEPARATION LOGIC Separation logic: defines the interpretation of ^ , _ , ñ , › , − − › , ... Hybrid separation logic: separation logic + ℓ ( heap variables or labels ) + @ ℓ A ( @ -modality) + D -quantifiers on labels ρ : valuation: Labels á Heaps h | ù ρ ℓ ô h = ρ p ℓ q h | ù ρ @ ℓ A ô ρ p ℓ q | ù ρ A h | ù ρ D ℓ : A ô exists h ℓ heap st. h | ù ρ r ℓ Ñ h ℓ s A Armaël Guéneau Program Proofs in Hybrid Separation Logic 17/31

Recommend

Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat

Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat

Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat 2 , and Cristiano Calcagno 1 1 Imperial College, London 2 Middlesex University, London Me 10 January, 2008 Overview We give a new method for

373 views • 11 slides
Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of

Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of

Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of Technology, The Netherlands February 5, 2019 @ Vrije Universiteit, Amsterdam, The Netherlands 1 Tactic-style proofs (as in LCF/Coq/HOL/ etc. ) have shown to

978 views • 97 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

710 views • 49 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

1.55k views • 141 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands October 9, 2018 @ Types Meeting, Aarhus, Denmark 1 MoSeL is joint work with Jacques-Henri

1.14k views • 98 slides
Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and James Brotherston University College London TAPAS, Edinburgh, Wednesday 7 th September 2016 Automatically Proving Termination: Challenges proc

815 views • 57 slides
Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe,

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe,

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe, University of Kent, Canterbury James Brotherston, University College London CPP, Paris, France Monday 16 th January 2017 Automatically Proving

741 views • 70 slides
Parametric completeness for separation theories (via hybrid logic) James Brotherston University

Parametric completeness for separation theories (via hybrid logic) James Brotherston University

Parametric completeness for separation theories (via hybrid logic) James Brotherston University College London New York University, 11 December 2014 Joint work with Jules Villard 1/ 26 Part I Introduction, motivation and background 2/ 26

1.39k views • 118 slides
Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

1.14k views • 91 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2 Lars Birkedal 3 1 Delft University of Technology, The Netherlands 2 imec-Distrinet, KU Leuven, Belgium 3 Aarhus University, Denmark January 18, 2017 @

953 views • 71 slides
Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands June 12, 2017 @ MFPS, Ljubljana, Slovenia 1 Iris is joint work with: Ralf Jung, Jacques-Henri

1.16k views • 87 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
Proofs about Programs Why make you study logic? Program Verification Why make you do

Proofs about Programs Why make you study logic? Program Verification Why make you do

Proofs about Programs Why make you study logic? Program Verification Why make you do proofs? (Rosen, Sections 5.5) Because we want to prove properties of TOPICS programs: Program Correctness Preconditions &

323 views • 8 slides
A case for relaxed program logics Separation logic as a tool for

A case for relaxed program logics Separation logic as a tool for

A case for relaxed program logics Separation logic as a tool for understanding and debugging the C/C++ concurrency model Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

304 views • 13 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
A Separation Logic to Verify Termination of Busy-Waiting for Abrupt Program Exit Tobias Reinhard 1

A Separation Logic to Verify Termination of Busy-Waiting for Abrupt Program Exit Tobias Reinhard 1

A Separation Logic to Verify Termination of Busy-Waiting for Abrupt Program Exit Tobias Reinhard 1 , Amin Timany 2 , Bart Jacobs 1 1 KU Leuven, imec-DistriNet Research Group 2 Aarhus University, Logic and Semantics Group 23rd July 2020 Motivation

460 views • 23 slides
Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction In the previous lectures, we have considered a language, WHILE , where mutability only concerned program

734 views • 57 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
Proofs: Logic in Action Using Logic Logic is used to deduce results in any (mathematically

Proofs: Logic in Action Using Logic Logic is used to deduce results in any (mathematically

Euclid (300 BC) Proofs: Logic in Action Using Logic Logic is used to deduce results in any (mathematically defined) system Typically a human endeavour (but can be automated if the system is relatively simple) Proof is a means to convince

325 views • 8 slides
A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer Logical Systems Lab Computer Science Department Carnegie Mellon University LICS18 1 / 21 Outline: Hybrid { Dynamics, Logic, Power } Hybrid

353 views • 34 slides
Isnt tes<ng enough? SoIware Tes<ng Methods Assuming

Isnt tes<ng enough? SoIware Tes<ng Methods Assuming

Proofs about Programs Why make you study logic? Program Verification Why make you do proofs? (Rosen, Sections 5.5) Because we want to prove proper<es of

218 views • 8 slides
Relaxed separation logic Viktor Vafeiadis Chinmay Narayan MPI-SWS IIT Delhi Concurrent program

Relaxed separation logic Viktor Vafeiadis Chinmay Narayan MPI-SWS IIT Delhi Concurrent program

Relaxed separation logic Viktor Vafeiadis Chinmay Narayan MPI-SWS IIT Delhi Concurrent program logics Goal: Understand concurrent programs. Tool: Concurrent program logics: C oncurrent S eparation L ogic OG, RG, RGSep, LRG, DG, CAP, CaReSL.

345 views • 16 slides

More recommend