Spatial Interpolants

We propose SplInter, a new technique for proving properties of heap-manipulating programs that marries (1) a new separation logic–based analysis for heap reasoning with (2) an interpolation-based technique for refining heap-shape invariants with data invariants. SplInter is property directed, precise, and produces counterexample traces when a property does not hold. Using the novel notion of spatial interpolants modulo theories, SplInter can infer complex invariants over general recursive predicates, e.g., of the form "all elements in a linked list are even" or "a binary tree is sorted". Furthermore, we treat interpolation as a black box, which gives us the freedom to encode data manipulation in any suitable theory for a given program (e.g., bit vectors, arrays, or linear arithmetic), so that our technique immediately benefits from any future advances in SMT solving and interpolation.
