Smallfoot: Modular Automatic Assertion Checking with Separation Logic

Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe Smallfoot, a tool for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and this allows reasoning to be fully automatic. The presentation in the paper is tutorial in style. We illustrate what the tool can do via examples which are oriented toward novel aspects of separation logic, namely: avoidance of frame axioms (which say what a procedure does not change); embracement of “dirty” features such as memory disposal and address arithmetic; information hiding in the presence of pointers; and modular reasoning about concurrent programs.