GRASShopper - Complete Heap Verification with Mixed Specifications

We present GRASShopper, a tool for compositional verification of heap-manipulating programs against user-provided specifications. What makes our tool unique is its decidable specification language, which supports mixing of assertions expressed in separation logic and first-order logic. The user of the tool can thus take advantage of the succinctness of separation logic specifications and the discipline of local reasoning. Yet, at the same time, she can revert to classical logic in the cases where decidable separation logic fragments are less suited, such as reasoning about constraints on data and heap structures with complex sharing. We achieve this combination of specification languages through a translation to programs whose specifications are expressed in a decidable fragment of first-order logic called GRASS. This logic is well-suited for automation using satisfiability modulo theory solvers. Unlike other tools that provide similar features, our decidability guarantees enable GRASShopper to produce detailed counterexamples for incorrect or underspecified programs. We have found this feature to be invaluable when debugging specifications. We present the underlying philosophy of the tool, describe the major technical challenges, and discuss implementation details. We conclude with an evaluation that considers challenging benchmarks such as sorting algorithms and a union/find data structure.

[1]  Neil Immerman,et al.  The Boundary Between Decidability and Undecidability for Transitive-Closure Logics , 2004, CSL.

[2]  Tomás Vojnar,et al.  Predator: A Practical Tool for Checking Manipulation of Dynamic Data Structures Using Separation Logic , 2011, CAV.

[3]  Xiaokang Qiu,et al.  Natural proofs for structure, data, and separation , 2013, PLDI.

[4]  Matthew J. Parkinson,et al.  The Relationship between Separation Logic and Implicit Dynamic Frames , 2011, ESOP.

[5]  Frank Piessens,et al.  VeriCool: An Automatic Verifier for a Concurrent Object-Oriented Language , 2008, FMOODS.

[6]  Constantin Enea,et al.  Accurate Invariant Checking for Programs Manipulating Lists and Arrays with Infinite Data , 2012, ATVA.

[7]  Frank Piessens,et al.  VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java , 2011, NASA Formal Methods.

[8]  Thomas Wies,et al.  Complete Instantiation-Based Interpolation , 2013, Journal of Automated Reasoning.

[9]  Radu Iosif,et al.  The Tree Width of Separation Logic with Recursive Definitions , 2013, CADE.

[10]  Peter W. O'Hearn,et al.  Smallfoot: Modular Automatic Assertion Checking with Separation Logic , 2005, FMCO.

[11]  Peter W. O'Hearn,et al.  Scalable Shape Analysis for Systems Code , 2008, CAV.

[12]  Peter W. O'Hearn,et al.  Local Reasoning about Programs that Alter Data Structures , 2001, CSL.

[13]  Samin Ishtiaq,et al.  SLAyer: Memory Safety for Systems-Level Code , 2011, CAV.

[14]  Joël Ouaknine,et al.  Tractable Reasoning in a Fragment of Separation Logic , 2011, CONCUR.

[15]  Greg Nelson,et al.  Simplification by Cooperating Decision Procedures , 1979, TOPL.

[16]  Peter W. O'Hearn,et al.  A Decidable Fragment of Separation Logic , 2004, FSTTCS.

[17]  Alexander Moshe Rabinovich,et al.  Decidable fragments of many-sorted logic , 2010, J. Symb. Comput..

[18]  Shuvendu K. Lahiri,et al.  Back to the future: revisiting precise program verification using SMT solvers , 2008, POPL '08.

[19]  Jan Smans,et al.  Verification of Concurrent Programs with Chalice , 2009, FOSAD.

[20]  Andrey Rybalchenko,et al.  Separation logic + superposition calculus = heap theorem prover , 2011, PLDI '11.

[21]  Frank Piessens,et al.  Implicit Dynamic Frames: Combining Dynamic Frames and Separation Logic , 2009, ECOOP.

[22]  Ruzica Piskac,et al.  Automating Separation Logic Using SMT , 2013, CAV.

[23]  Viorica Sofronie-Stokkermans,et al.  Hierarchic Reasoning in Local Theory Extensions , 2005, CADE.

[24]  Neil Immerman,et al.  Effectively-Propositional Reasoning about Reachability in Linked Data Structures , 2013, CAV.

[25]  Neil Immerman,et al.  Modular reasoning about heap paths via effectively propositional formulas , 2014, POPL.

[26]  Wolfram Schulte,et al.  Separation Logic Verification of C Programs with an SMT Solver , 2009, Electron. Notes Theor. Comput. Sci..

[27]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.