Inferring Invariants in Separation Logic for Imperative List-processing Programs

An algorithm is presented for automatically inferring loop invariants in separation logic for imperative list-processing programs. A prototype implementation for a C-like language is shown to be successful in generating loop invariants for a variety of sample programs. The programs, while relatively small, iteratively perform destructive heap operations and hence pose problems more than challenging enough to demonstrate the utility of the approach. The invariants express information not only about the shape of the heap but also conventional properties of the program data. This combination makes it possible, in principle, to solve a wider range of verification problems and makes it easier to incorporate separation logic reasoning into static analysis systems, such as software model checkers. It can also provide a component of a separation-logic-based code certification system à la proof-carrying code.
