Proof automation for functional correctness in separation logic

We describe an approach to automatically prove the functional correctness of pointer programs that involve iteration and recursion. Building upon separation logic, our approach has been implemented as a tightly integrated tool chain incorporating a novel combination of proof planning and invariant generation. Starting from shape analysis, performed by the Smallfoot static analyser, we have developed a proof strategy that combines the shape and functional aspects of the verification task. By focusing on both iterative and recursive code, we have had to address two related invariant generation tasks, namely loop and frame invariants. We deal with both tasks uniformly using an automatic technique called term synthesis, in combination with the IsaPlanner/Isabelle theorem prover. In addition, where verification fails, we attempt to recover by automatically generating missing preconditions. We present our experimental results in detail. Our approach has been evaluated on a range of examples, drawn in part from a functional extension to the Smallfoot corpus.
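As an added illustration of the shape/functional split the abstract describes (the editor's example, not taken from the paper), consider in-place list reversal. The program, the shape-only triple, and the strengthened loop invariant below are assumptions: `ls(x)` stands for a Smallfoot-style shape predicate (x heads a well-formed nil-terminated list), `list(x, α)` for the functional predicate (x heads a list holding sequence α), and `i`, `j` hold the list heads.

```latex
% Program (editor's example): reverse the list headed by i in place, result headed by j.
%   j := nil;
%   while i != nil do { k := [i+1]; [i+1] := j; j := i; i := k }

% Shape only, as a Smallfoot-style analysis reports it:
\{\, \mathit{ls}(i) \,\}\ \mathit{reverse}\ \{\, \mathit{ls}(j) \,\}
\qquad \text{shape loop invariant:}\ \mathit{ls}(i) * \mathit{ls}(j)

% Functional specification the approach aims to establish:
\{\, \mathit{list}(i, \alpha_0) \,\}\ \mathit{reverse}\ \{\, \mathit{list}(j, \mathrm{rev}(\alpha_0)) \,\}

% Strengthened loop invariant that term synthesis has to supply:
% the shape part plus a functional relation between the two lists.
I \;\equiv\; \exists \alpha\, \beta.\
  \mathit{list}(i, \alpha) * \mathit{list}(j, \beta)
  \;\wedge\; \mathrm{rev}(\alpha_0) = \mathrm{rev}(\alpha) \mathbin{+\!\!+} \beta

% Initialisation (j = nil): take \alpha = \alpha_0 and \beta = [].
\mathrm{rev}(\alpha_0) = \mathrm{rev}(\alpha_0) \mathbin{+\!\!+} []

% Exit (i = nil forces \alpha = []): the invariant yields the postcondition.
\mathrm{rev}(\alpha_0) = \mathrm{rev}([]) \mathbin{+\!\!+} \beta = \beta
\quad\Longrightarrow\quad \mathit{list}(j, \mathrm{rev}(\alpha_0))

% Body (i \neq nil, so \alpha = a :: \alpha'): unfold the head cell, frame
% list(k, \alpha') * list(j, \beta) across the single update [i+1] := j,
% then re-fold the head cell onto the old accumulator j.
\mathit{list}(i, a :: \alpha') * \mathit{list}(j, \beta)
\;=\; i \mapsto a, k \;*\; \mathit{list}(k, \alpha') * \mathit{list}(j, \beta)
\;\leadsto\; i \mapsto a, j \;*\; \mathit{list}(j, \beta) * \mathit{list}(k, \alpha')
\;=\; \mathit{list}(i, a :: \beta) * \mathit{list}(k, \alpha')

% After j := i; i := k the new \alpha is \alpha' and the new \beta is a :: \beta.
% The functional conjunct is preserved; this is the kind of rewriting
% obligation the tool chain delegates to the theorem prover.
\mathrm{rev}(a :: \alpha') \mathbin{+\!\!+} \beta
\;=\; (\mathrm{rev}(\alpha') \mathbin{+\!\!+} [a]) \mathbin{+\!\!+} \beta
\;=\; \mathrm{rev}(\alpha') \mathbin{+\!\!+} (a :: \beta)
```

The shape invariant alone is enough to prove memory safety but says nothing about which elements end up where; the functional conjunct is precisely the part that shape analysis cannot produce and that has to be synthesised.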
