Lightweight Support for Magic Wands in an Automatic Verifier

Permission-based verification logics such as separation logic have led to the development of many practical verification tools over the last decade. Verifiers employ the separating conjunction A*B to elegantly handle aliasing problems, framing, race conditions, etc. Introduced along with the separating conjunction, the magic wand connective, written A -* B, can describe hypothetical modifications of the current state, and provide guarantees about the results. Its formal semantics involves quantifying over states: as such, the connective is typically not supported in automatic verification tools. Nonetheless, the magic wand has been shown to be useful in by-hand and mechanised proofs, for example, for specifying loop invariants and partial data structures. In this paper, we show how to integrate support for the magic wand into an automatic verifier, requiring low specification overhead from the tool user, due to a novel approach for choosing footprints for magic wand formulas automatically. We show how to extend this technique to interact elegantly with common specification features such as recursive predicates. Our solution is designed to be compatible with a variety of logics and underlying implementation techniques. We have implemented our approach, and a prototype verifier is available to download, along with a collection of examples.
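To make concrete why the wand's semantics "quantifies over states" while the separating conjunction does not, the standard heap-model definitions of both connectives and the partial-list use they enable are written out below. This is an added illustration using the textbook semantics, not notation or a result taken from the paper; the predicates `list` and `lseg` are the usual (assumed) linked-list and list-segment predicates.

```latex
\text{Let } h, h_1, h_2, h' \text{ range over heaps, } h_1 \perp h_2 \text{ mean disjoint domains, and } h_1 \uplus h_2 \text{ their union.}

\begin{aligned}
h \models A * B \quad &\text{iff}\quad \exists h_1, h_2.\; h = h_1 \uplus h_2 \;\land\; h_1 \models A \;\land\; h_2 \models B \\
h \models A \mathrel{-\!\!*} B \quad &\text{iff}\quad \forall h'.\; h' \perp h \;\land\; h' \models A \;\Rightarrow\; h \uplus h' \models B
\end{aligned}

\text{The } \exists \text{ in } * \text{ is discharged by exhibiting one split of the current heap;}
\text{the } \forall \text{ in } -\!\!* \text{ ranges over every disjoint extension, so a verifier cannot enumerate it.}

\text{Wand elimination (the adjunction with } *\text{):}\qquad (A \mathrel{-\!\!*} B) * A \;\vdash\; B

\text{Proof: from } h = h_1 \uplus h_2,\; h_1 \models A \mathrel{-\!\!*} B,\; h_2 \models A,
\text{ instantiate } h' := h_2 \text{ in the definition to obtain } h_1 \uplus h_2 = h \models B.

\text{Partial data structure (loop invariant for a traversal from } x \text{ that has reached } y\text{):}
\qquad \mathit{list}(y) \;*\; \big(\mathit{list}(y) \mathrel{-\!\!*} \mathit{list}(x)\big)

\text{Since } \mathit{lseg}(x,y) * \mathit{list}(y) \vdash \mathit{list}(x), \text{ the already-traversed segment satisfies the wand:}
\qquad \mathit{lseg}(x,y) \;\vdash\; \mathit{list}(y) \mathrel{-\!\!*} \mathit{list}(x)

\text{so the heap fragment } h_1 \models \mathit{lseg}(x,y) \text{ is a footprint for the wand.}
\text{Choosing such an } h_1 \text{ from the current state is the footprint-selection problem the abstract refers to.}
```

Holding the wand instead of `lseg(x,y)` lets the invariant state only what is needed to restore `list(x)` at loop exit, without committing to the shape of the traversed prefix; the cost is that the verifier must find and carve out a concrete footprint when the wand is packaged.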
