Separation logic + superposition calculus = heap theorem prover

Program analysis and verification tools crucially depend on the ability to symbolically describe and reason about sets of program behaviors. Separation logic provides a promising foundation for reasoning about heap-manipulating programs, but building practical automated deduction and satisfiability-checking tools for it remains a challenging problem. In this paper, we present an efficient, sound and complete automated theorem prover for checking validity of entailments between separation logic formulas with list segment predicates. Our theorem prover integrates separation logic inference rules that deal with list segments with a superposition calculus that deals with equality and aliasing between memory locations. The integration follows a modular combination approach that allows one to directly incorporate existing advanced techniques for first-order reasoning with equality, as well as to account for additional theories, e.g., linear arithmetic, using extensions of superposition. An experimental evaluation of our entailment prover indicates speedups of several orders of magnitude with respect to the available state-of-the-art tools.
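To make the division of labour described in the abstract concrete, the following is an added illustration (not the paper's prover, nor code from any of the cited tools) of an entailment checker for symbolic heaps with points-to and list-segment atoms. The equality/aliasing part, which the paper delegates to a superposition calculus, is replaced here by a plain union-find closure over the antecedent's equalities; the spatial part applies the standard Smallfoot-style rules: an antecedent that allocates the same cell twice or allocates `nil` is inconsistent, `ls(x,x)` is `emp`, identical atoms on both sides cancel (frame), and `ls(x,z)` on the right is unfolded against `x|->y` or `ls(x,y)` on the left only under the usual side condition that `x` is known distinct from `z` (or `z` is `nil` or allocated in the frame). The formula encoding (`("pt", x, y)`, `("ls", x, y)`, `("=", a, b)`, `("!=", a, b)`) is this example's own convention.

```python
# Toy entailment checker for symbolic heaps with list segments.
# Added illustration only: union-find stands in for the superposition-based
# equality reasoning of the paper; spatial rules follow Smallfoot.
NIL = "nil"


class UnionFind:
    """Equality closure over location variables; nil is kept as a root."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra == rb:
            return
        if ra == NIL:            # make nil the surviving representative
            ra, rb = rb, ra
        self.parent[ra] = rb


def distinct(a, b, neqs, heap):
    """Is a != b derivable from explicit disequalities or allocation facts?"""
    if a == b:
        return False
    if frozenset((a, b)) in neqs:
        return True
    alloc = {x for k, x, _ in heap if k == "pt"}   # cells allocated by |->
    return (a in alloc and (b in alloc or b == NIL)) or (b in alloc and a == NIL)


def prove(L, R, neqs):
    """Spatial search: L |- R over normalised atoms (representatives only)."""
    R = [a for a in R if not (a[0] == "ls" and a[1] == a[2])]   # ls(x,x) is emp
    if not R:
        return not L                      # emp |- emp; a non-empty heap does not entail emp
    r, rest = R[0], R[1:]
    if r in L:                            # frame rule: cancel identical atoms
        L2 = list(L)
        L2.remove(r)
        return prove(L2, rest, neqs)
    if r[0] == "ls":
        _, x, z = r
        for atom in L:
            k, a, y = atom
            if a != x:
                continue
            L2 = list(L)
            L2.remove(atom)
            # x|->y * L2 |- ls(x,z) * rest   if   L2 |- ls(y,z) * rest   and x != z
            if k == "pt" and distinct(x, z, neqs, L):
                if prove(L2, [("ls", y, z)] + rest, neqs):
                    return True
            # ls(x,y) * L2 |- ls(x,z) * rest if L2 |- ls(y,z) * rest and z is nil
            # or allocated in the frame (so z cannot lie inside the first segment)
            if k == "ls" and (z == NIL or z in {b for kk, b, _ in L2 if kk == "pt"}):
                if prove(L2, [("ls", y, z)] + rest, neqs):
                    return True
    return False


def entails(ante, cons):
    """ante, cons are (pure, spatial) pairs. True only if a proof is found."""
    apure, aspat = ante
    cpure, cspat = cons
    uf = UnionFind()
    for op, a, b in apure:
        if op == "=":
            uf.union(a, b)
    neqs = {frozenset((uf.find(a), uf.find(b))) for op, a, b in apure if op == "!="}

    def norm(atoms):
        return [(k, uf.find(a), uf.find(b)) for k, a, b in atoms]

    aspat = norm(aspat)
    roots = [a for k, a, _ in aspat if k == "pt"]
    # Inconsistent antecedent (a != a, nil allocated, or double allocation
    # revealed by aliasing): the entailment holds vacuously.
    if any(len(s) == 1 for s in neqs) or NIL in roots or len(roots) != len(set(roots)):
        return True
    for op, a, b in cpure:            # pure consequents must follow from the closure
        ra, rb = uf.find(a), uf.find(b)
        if op == "=" and ra != rb:
            return False
        if op == "!=" and not distinct(ra, rb, neqs, aspat):
            return False
    L = [a for a in aspat if not (a[0] == "ls" and a[1] == a[2])]
    return prove(L, norm(cspat), neqs)


if __name__ == "__main__":
    # x = y /\ x|->z * z|->nil  |-  ls(y, nil)   (needs the alias x = y)
    print(entails(([("=", "x", "y")], [("pt", "x", "z"), ("pt", "z", "nil")]),
                  ([], [("ls", "y", "nil")])))
    # ls(x,y) * ls(y,z) |- ls(x,z) is not valid: z may be a cell of the first segment
    print(entails(([], [("ls", "x", "y"), ("ls", "y", "z")]),
                  ([], [("ls", "x", "z")])))
```

The `entails` function returns `True` only when a derivation is found, so a `False` answer is a failed proof rather than a certified counterexample; the paper's contribution is precisely a complete procedure for this fragment, which this sketch does not claim to be. The point it does show is the interface between the two halves: the equality solver only ever produces representatives and a set of known disequalities, and the spatial rules consume nothing else, which is what lets a stronger first-order engine be swapped in.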
