separation logic for non local control flow and block
play

Separation Logic for Non-local Control Flow and Block Scope - PowerPoint PPT Presentation

Jun 06, 2023 •174 likes •907 views

Separation Logic for Non-local Control Flow and Block Scope Variables Robbert Krebbers Joint work with Freek Wiedijk Radboud University Nijmegen March 19, 2013 @ FoSSaCS, Rome, Italy What is this program supposed to do? int *p = NULL; l: if

  1. Separation Logic for Non-local Control Flow and Block Scope Variables Robbert Krebbers Joint work with Freek Wiedijk Radboud University Nijmegen March 19, 2013 @ FoSSaCS, Rome, Italy

  2. What is this program supposed to do? int *p = NULL; l: if (p) { return (*p); } else { int j = 10; p = &j; goto l; }

  3. What is this program supposed to do? int *p = NULL; memory: l: if (p) { p return (*p); } else { NULL int j = 10; p = &j; goto l; }

  4. What is this program supposed to do? int *p = NULL; memory: l: if (p) { p return (*p); } else { NULL int j = 10; p = &j; goto l; }

  5. What is this program supposed to do? int *p = NULL; memory: l: if (p) { p j return (*p); } else { NULL 10 int j = 10; p = &j; goto l; }

  6. What is this program supposed to do? int *p = NULL; memory: l: if (p) { p j return (*p); } else { • 10 int j = 10; p = &j; goto l; }

  7. What is this program supposed to do? int *p = NULL; memory: l: if (p) { p j return (*p); } else { • 10 int j = 10; p = &j; goto l; }

  8. What is this program supposed to do? int *p = NULL; memory: l: if (p) { p return (*p); } else { • int j = 10; p = &j; goto l; }

  9. What is this program supposed to do? int *p = NULL; memory: l: if (p) { p return (*p); } else { • int j = 10; p = &j; goto l; }

  10. What is this program supposed to do? int *p = NULL; memory: l: if (p) { p return (*p); } else { • int j = 10; p = &j; goto l; } It exhibits undefined behavior, thus it may do anything

  11. Undefined behavior in C ◮ Undefined behavior is shown by “wrong” C programs ◮ Programs may do anything on undefined behavior ◮ It allows compilers to omit (expensive) dynamic checks

  12. Undefined behavior in C ◮ Undefined behavior is shown by “wrong” C programs ◮ Programs may do anything on undefined behavior ◮ It allows compilers to omit (expensive) dynamic checks ◮ It cannot be checked for statically ◮ Not accounting for it means that ◮ programs can be proven to be correct with respect to the formal semantics . . . ◮ whereas they may crash when compiled with an actual compiler

  13. Undefined behavior in C ◮ Undefined behavior is shown by “wrong” C programs ◮ Programs may do anything on undefined behavior ◮ It allows compilers to omit (expensive) dynamic checks ◮ It cannot be checked for statically ◮ Not accounting for it means that ◮ programs can be proven to be correct with respect to the formal semantics . . . ◮ whereas they may crash when compiled with an actual compiler This talk: undefined behavior due to dangling pointers by non-local control flow and block scopes

  14. Goto considered harmful? http://xkcd.com/292/

  15. Goto considered harmful? http://xkcd.com/292/ Not necessarily: ⊢ { P } . . . goto main_sub3; . . . { Q }

  16. Contribution A concise small step operational, and axiomatic, semantics for goto, supporting: ◮ local variables (and pointers to those), ◮ mutual recursion, ◮ separation logic, ◮ soundness proof fully checked by Coq

  17. Approach ◮ Execute gotos and returns in small steps ◮ Not so much to search for labels, . . . ◮ but to naturally perform required allocations and deallocations

  18. Approach ◮ Execute gotos and returns in small steps ◮ Not so much to search for labels, . . . ◮ but to naturally perform required allocations and deallocations ◮ Traversal through the AST in the following directions: ◮ ց downwards to the next statement ◮ ր upwards to the next statement

  19. Approach ◮ Execute gotos and returns in small steps ◮ Not so much to search for labels, . . . ◮ but to naturally perform required allocations and deallocations ◮ Traversal through the AST in the following directions: ◮ ց downwards to the next statement ◮ ր upwards to the next statement ◮ � l to a label l: after a goto l ↑ to the top of the statement after a return ◮ ↑

  20. Example int *p = NULL l: if (p) return (*p) int j = 10 ; p = &j goto l

  21. Example int *p = NULL direction: ց l: memory: if (p) p return (*p) int j = 10 NULL ; p = &j goto l

  22. Example int *p = NULL direction: ց l: memory: if (p) p return (*p) int j = 10 NULL ; p = &j goto l

  23. Example int *p = NULL direction: ց l: memory: if (p) p return (*p) int j = 10 NULL ; p = &j goto l

  24. Example int *p = NULL direction: ց l: memory: if (p) p j return (*p) int j = 10 NULL 10 ; p = &j goto l

  25. Example int *p = NULL direction: ց l: memory: if (p) p j return (*p) int j = 10 NULL 10 ; p = &j goto l

  26. Example int *p = NULL direction: ց l: memory: if (p) p j return (*p) int j = 10 • 10 ; p = &j goto l

  27. Example int *p = NULL direction: ր l: memory: if (p) p j return (*p) int j = 10 • 10 ; p = &j goto l

  28. Example int *p = NULL direction: ր l: memory: if (p) p j return (*p) int j = 10 • 10 ; p = &j goto l

  29. Example int *p = NULL direction: ց l: memory: if (p) p j return (*p) int j = 10 • 10 ; p = &j goto l

  30. Example int *p = NULL direction: ց l: memory: if (p) p j return (*p) int j = 10 • 10 ; p = &j goto l

  31. Example int *p = NULL direction: � l l: memory: if (p) p j return (*p) int j = 10 • 10 ; p = &j goto l

  32. Example int *p = NULL direction: � l l: memory: if (p) p j return (*p) int j = 10 • 10 ; p = &j goto l

  33. Example int *p = NULL direction: � l l: memory: if (p) p j return (*p) int j = 10 • 10 ; p = &j goto l

  34. Example int *p = NULL direction: � l l: memory: if (p) p return (*p) int j = 10 • ; p = &j goto l

  35. Example int *p = NULL direction: � l l: memory: if (p) p return (*p) int j = 10 • ; p = &j goto l

  36. Example int *p = NULL direction: ց l: memory: if (p) p return (*p) int j = 10 • ; p = &j goto l

  37. Example int *p = NULL direction: ց l: memory: if (p) p return (*p) int j = 10 • ; p = &j goto l

  38. Example int *p = NULL direction: ց l: memory: if (p) p return (*p) int j = 10 • ; p = &j goto l

  39. How to model the current location in the program Huet’s zipper Purely functional way to store a pointer into a data structure

  40. Statement contexts ◮ Statements: s ::= block s | e l := e r | f ( � e ) | skip | goto l | l : s | s 1 ; s 2 | if ( e ) s 1 s 2 | return

  41. Statement contexts ◮ Statements: s ::= block s | e l := e r | f ( � e ) | skip | goto l | l : s | s 1 ; s 2 | if ( e ) s 1 s 2 | return ◮ The block construct is unnamed as we use De Bruijn indexes

  42. Statement contexts ◮ Statements: s ::= block s | e l := e r | f ( � e ) | skip | goto l | l : s | s 1 ; s 2 | if ( e ) s 1 s 2 | return ◮ The block construct is unnamed as we use De Bruijn indexes ◮ Singular statement contexts: E S ::= � ; s 2 | s 1 ; � | if ( e ) � s 2 | if ( e ) s 1 � | l : �

  43. Statement contexts ◮ Statements: s ::= block s | e l := e r | f ( � e ) | skip | goto l | l : s | s 1 ; s 2 | if ( e ) s 1 s 2 | return ◮ The block construct is unnamed as we use De Bruijn indexes ◮ Singular statement contexts: E S ::= � ; s 2 | s 1 ; � | if ( e ) � s 2 | if ( e ) s 1 � | l : � ◮ A pair ( � E S , s ) forms a zipper for statements, where � � E S is a statement turned ◮ E S inside-out s ◮ s is the focused substatement

  44. Program contexts ◮ Make the zipper stateful to also contain the stack (to assign memory indexes to local variables) ◮ Extend the zipper dynamically on function calls

  45. Program contexts ◮ Make the zipper stateful to also contain the stack (to assign memory indexes to local variables) ◮ Extend the zipper dynamically on function calls ◮ Program contexts k are lists of singular program contexts: E ::= E S | block b � | . . . where block b � associates a block scope variable with its corresponding memory index b

  46. States A state S ( k , φ, m ) consists of a program context k , focus φ , and memory m

  47. States A state S ( k , φ, m ) consists of a program context k , focus φ , and memory m We consider the following focuses: ◮ ( d , s ) execution of a statement s in direction d

  48. States A state S ( k , φ, m ) consists of a program context k , focus φ , and memory m We consider the following focuses: ◮ ( d , s ) execution of a statement s in direction d ◮ call f � v calling a function f ( � v )

  49. States A state S ( k , φ, m ) consists of a program context k , focus φ , and memory m We consider the following focuses: ◮ ( d , s ) execution of a statement s in direction d ◮ call f � v calling a function f ( � v ) ◮ return returning from a function

  50. Example The corresponding state is S ( k , φ, m ), where: int *p = NULL ◮ k = [ � ; goto l , l: x 0 := int 10 ; � , if (p) block b j � , if ( load x 0 ) return � , return int j = 10 l : � , x 0 := NULL ; � , ; block b p � p = &j goto l ] ◮ φ = ( ր , x 1 := x 0 ) ◮ m = { b p �→ ptr b j , b j �→ 10 }

Recommend

Separation Logic for Non-local Control Flow and Block Scope Variables Robbert Krebbers Joint

Separation Logic for Non-local Control Flow and Block Scope Variables Robbert Krebbers Joint

Separation Logic for Non-local Control Flow and Block Scope Variables Robbert Krebbers Joint work with Freek Wiedijk Radboud University Nijmegen February 4, 2013 @ Gallium, INRIA Rocquencourt, France What is this program supposed to do? int

1.4k views • 103 slides
A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston College g , g Andrew W. Appel, Princeton University Jan 8 2006 Jan 8, 2006 1 Mobile Code Security Protect trusted system against

561 views • 26 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
Local Reasoning about the Presence of Bugs: Incorrectness Separation Logic (ISL) Azalea Raad 1,2

Local Reasoning about the Presence of Bugs: Incorrectness Separation Logic (ISL) Azalea Raad 1,2

Local Reasoning about the Presence of Bugs: Incorrectness Separation Logic (ISL) Azalea Raad 1,2 Josh Berdine 3 Hoang-Hai Dang 2 Derek Dreyer 2 Peter OHearn 3,4 Jules Villard 3 1 Imperial College London 2 Max Planck Institute for Software

1.03k views • 92 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Logic Summer School, ANU, 7 December 2015 1/ 19

789 views • 63 slides
Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St January 14, 2020 1 LSV, CNRS, ENS Paris-Saclay 2 I3S, Universit e C ote dAzur Separation Logic 99 Logic of Bunched Implication ( BI ) [P.

310 views • 27 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification and overview of main techniques TCP Tahoe, Reno, Vegas TCP Westwood Readings: (1) Keshavs book Chapter on Flow Control; (2)

374 views • 22 slides
Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max Kanovich 2 1 Imperial College London 2 Queen Mary University of London LICS-25, University of Edinburgh, 12 July 2010 Separation logic (Reynolds,

1.11k views • 31 slides
Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

1.14k views • 91 slides
Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri CNRS Marie Curie Fellow Yorktown Heights, March 2015 In Memoriam: Morgan Deters 2 Overview Separation Logic in a Nutshell 1 2 Expressive

915 views • 55 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Oracle Labs, Brisbane, 4 December 2015 1/ 19

291 views • 27 slides
Control flow Conditionals and Control Flow l A conditional branch

Control flow Conditionals and Control Flow l A conditional branch

10/2/15 Control flow Conditionals and Control Flow l A conditional branch is sufficient to implement most control Condition codes flow constructs offered in higher

356 views • 12 slides
1 Why Why flow flow control? control? sender

1 Why Why flow flow control? control? sender

Lecture 7. Lecture 7. TCP mechanisms for: TCP mechanisms for: data transfer control / flow control error control congestion control Graphical examples (applet java) of several algorithms at:

589 views • 13 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa, Aquinas Hobor and John Wickerson IRIS Day OScience, Coronavirus Lockdown Edition Tuesday 7th April, 2020 1/ 13 Concurrent separation logic (

164 views • 13 slides
On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18 Warsaw, October 2018 The blossom of separation logics Separation logic: extension of Hoare-Floyd logic for (concurrent) programs with mutable data

642 views • 48 slides
Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of

Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of

Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of Computer Science, Purdue University Project 2 j Now posted on the class webpage. Due Wed, Sept. 17 at 10 pm. Start early All

663 views • 22 slides
Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics

Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics

Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics Group Dept. of Comp. Science, Aarhus University (Joint work with J. Bengtson, J.B. Jensen, H. Mehnert, P . Sestoft, F . Sieczkowski) April 2013

499 views • 34 slides

More recommend