Natural proofs for structure, data, and separation

We propose natural proofs for reasoning with programs that manipulate data-structures against specifications that describe the structure of the heap, the data stored within it, and separation and framing of sub-structures. Natural proofs are a subclass of proofs that are amenable to completely automated reasoning, that provide sound but incomplete procedures, and that capture common reasoning tactics in program verification. We develop a dialect of separation logic over heaps, called Dryad, with recursive definitions that avoids explicit quantification. We develop ways to reason with heaplets using classical logic over the theory of sets, and develop natural proofs for reasoning using proof tactics involving disciplined unfoldings and formula abstractions. Natural proofs are encoded into decidable theories of first-order logic so as to be discharged using SMT solvers. We also implement the technique and show that a large class of more than 100 correct programs that manipulate data-structures are amenable to full functional correctness using the proposed natural proof method. These programs are drawn from a variety of sources including standard data-structures, the Schorr-Waite algorithm for garbage collection, a large number of low-level C routines from the Glib library and OpenBSD library, the Linux kernel, and routines from a secure verified OS-browser project. Our work is the first that we know of that can handle such a wide range of full functional verification properties of heaps automatically, given pre/post and loop invariant annotations. We believe that this work paves the way for deductive verification technology to be used by programmers who do not (and need not) understand the internals of the underlying logic solvers, significantly increasing their applicability in building reliable systems.

[1]  Mark A. Hillebrand,et al.  VCC: A Practical System for Verifying Concurrent C , 2009, TPHOLs.

[2]  K. Rustan M. Leino,et al.  Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[3]  Chucky Ellison,et al.  Matching Logic: An Alternative to Hoare/Floyd Logic , 2010, AMAST.

[4]  Viktor Kuncak,et al.  Full functional verification of linked data structures , 2008, PLDI '08.

[5]  Xiaokang Qiu,et al.  Efficient Decision Procedures for Heaps Using STRAND , 2011, SAS.

[6]  Peter W. O'Hearn,et al.  A Decidable Fragment of Separation Logic , 2004, FSTTCS.

[7]  Samuel T. King,et al.  Verifying security invariants in ExpressOS , 2013, ASPLOS '13.

[8]  Frank Piessens,et al.  VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java , 2011, NASA Formal Methods.

[9]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[10]  Viktor Kuncak,et al.  Decision procedures for algebraic data types with abstractions , 2010, POPL '10.

[11]  Henny B. Sipma,et al.  What's Decidable About Arrays? , 2006, VMCAI.

[12]  Shuvendu K. Lahiri,et al.  Back to the future: revisiting precise program verification using SMT solvers , 2008, POPL '08.

[13]  Viktor Kuncak,et al.  Satisfiability Modulo Recursive Programs , 2011, SAS.

[14]  Peter W. O'Hearn,et al.  A Local Shape Analysis Based on Separation Logic , 2006, TACAS.

[15]  Nikolaj Bjørner,et al.  Linear Functional Fixed-points , 2009, CAV.

[16]  Peter W. O'Hearn,et al.  Smallfoot: Modular Automatic Assertion Checking with Separation Logic , 2005, FMCO.

[17]  Viktor Kuncak,et al.  An integrated proof language for imperative programs , 2009, PLDI '09.

[18]  Amir Pnueli,et al.  Shape Analysis of Single-Parent Heaps , 2007, VMCAI.

[19]  Chris Hawblitzel,et al.  Safe to the last instruction: automated verification of a type-safe operating system , 2011, CACM.

[20]  Calogero G. Zarba,et al.  A Theory of Singly-Linked Lists and its Extensible Decision Procedure , 2006, Fourth IEEE International Conference on Software Engineering and Formal Methods (SEFM'06).

[21]  Alan J. Hu,et al.  An Inference-Rule-Based Decision Procedure for Verification of Heap-Manipulating Programs with Mutable Data and Cyclic Data Structures , 2007, VMCAI.

[22]  Constantin Enea,et al.  A Logic-Based Framework for Reasoning about Composite Data Structures , 2009, CONCUR.

[23]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[24]  Lawrence Charles Paulson,et al.  Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[25]  Marius Bozga,et al.  Quantitative Separation Logic and Programs with Lists , 2008, Journal of Automated Reasoning.

[26]  Wolfram Schulte,et al.  Separation Logic Verification of C Programs with an SMT Solver , 2009, Electron. Notes Theor. Comput. Sci..

[27]  Frank Piessens,et al.  Implicit dynamic frames , 2008, TOPL.

[28]  Peter Lee,et al.  THOR: A Tool for Reasoning about Shape and Arithmetic , 2008, CAV.

[29]  Thomas W. Reps,et al.  Automated Verification of the Deutsch-Schorr-Waite Tree-Traversal Algorithm , 2006, SAS.

[30]  Adam Chlipala,et al.  Mostly-automated verification of low-level programs in computational separation logic , 2011, PLDI '11.

[31]  Peter W. O'Hearn,et al.  Scalable Shape Analysis for Systems Code , 2008, CAV.

[32]  Peter W. O'Hearn,et al.  Symbolic Execution with Separation Logic , 2005, APLAS.

[33]  Alan J. Hu,et al.  Verifying Heap-Manipulating Programs in an SMT Framework , 2007, ATVA.

[34]  Xiaokang Qiu,et al.  Decidable logics combining heap structures and data , 2011, POPL '11.

[35]  Bor-Yuh Evan Chang,et al.  Relational inductive shape analysis , 2008, POPL '08.

[36]  Xiaokang Qiu,et al.  Recursive proofs for inductive tree data-structures , 2012, POPL '12.

[37]  Constantin Enea,et al.  On inter-procedural analysis of programs with lists and data , 2011, PLDI '11.

[38]  Chris Hawblitzel,et al.  Safe to the last instruction: automated verification of a type-safe operating system , 2010, PLDI '10.

[39]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[40]  Greg Nelson,et al.  Verifying reachability invariants of linked structures , 1983, POPL '83.

[41]  Claude Marché,et al.  A case study of C source code verification: the Schorr-Waite algorithm , 2005, Third IEEE International Conference on Software Engineering and Formal Methods (SEFM'05).

[42]  Peter W. O'Hearn,et al.  Shape Analysis for Composite Data Structures , 2007, CAV.

[43]  ChinWei-Ngan,et al.  Automated verification of shape, size and bag properties via user-defined predicates in separation logic , 2012 .

[44]  Peter W. O'Hearn,et al.  Local Reasoning about Programs that Alter Data Structures , 2001, CSL.