Automating Separation Logic Using SMT

Separation logic (SL) has gained widespread popularity because of its ability to succinctly express complex invariants of a program's heap configurations. Several specialized provers have been developed for decidable SL fragments. However, these provers cannot be easily extended or combined with solvers for other theories that are important in program verification, e.g., linear arithmetic. In this paper, we present a reduction of decidable SL fragments to a decidable first-order theory that fits well into the satisfiability modulo theories (SMT) framework. We show how to use this reduction to automate satisfiability, entailment, frame inference, and abduction problems for separation logic using SMT solvers. Our approach provides a simple method of integrating separation logic into existing verification tools that provide SMT backends, and an elegant way of combining SL fragments with other decidable first-order theories. We implemented this approach in a verification tool and applied it to heap-manipulating programs whose verification involves reasoning in theory combinations.
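The core idea the abstract describes, a separating conjunction becoming a disjoint union of heap footprints that an SMT solver can reason about directly, can be illustrated with a small SMT-LIB script. This is an added example, not the paper's own encoding or tool output: it assumes a single `next` field, represents footprints as sets encoded as `(Array Loc Bool)`, and uses Z3's `(_ map ...)` array extension for set union and intersection. The formula encoded is `x |-> y * y |-> z`.

```smtlib
; Constructed example (not from the paper): quantifier-free encoding of
; the separation-logic formula  x |-> y * y |-> z
; over an uninterpreted sort of heap locations.
(set-option :produce-models true)
(declare-sort Loc 0)
(define-sort LocSet () (Array Loc Bool))

(declare-fun next (Loc) Loc)      ; the single pointer field (assumed)
(declare-const x Loc)
(declare-const y Loc)
(declare-const z Loc)

(declare-const F  LocSet)         ; footprint of the whole formula
(declare-const F1 LocSet)         ; footprint of  x |-> y
(declare-const F2 LocSet)         ; footprint of  y |-> z

(define-fun empty () LocSet ((as const (Array Loc Bool)) false))
(define-fun single ((l Loc)) LocSet (store empty l true))

; x |-> y : footprint is exactly {x} and the cell holds y
(assert (= F1 (single x)))
(assert (= (next x) y))

; y |-> z : footprint is exactly {y} and the cell holds z
(assert (= F2 (single y)))
(assert (= (next y) z))

; separating conjunction: footprints are disjoint, F is their union
(assert (= ((_ map and) F1 F2) empty))
(assert (= F ((_ map or) F1 F2)))

; query 1: is the formula satisfiable at all?
(check-sat)

; query 2: can x and y alias?  (forces the two footprints to overlap)
(push)
(assert (= x y))
(check-sat)
(pop)

; query 3: entailment  x |-> y * y |-> z  |=  "y is allocated"
; checked by asserting the negated consequent and looking for a countermodel
(push)
(assert (not (select F y)))
(check-sat)
(pop)
```

Run with `z3 file.smt2`. The first query should be satisfiable (the three-node chain x, y, z is a model); the second should be unsatisfiable, because `x = y` would put the same location in both footprints and violate the disjointness constraint that encodes `*`; the third should also be unsatisfiable, which is how an entailment is established once the negated consequent has no model. Because the whole encoding lives in the theories of arrays and uninterpreted functions, further constraints from other SMT theories (for instance linear arithmetic over data stored in the cells) can be added to the same script without any change to the separation-logic part.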
