Natural proofs for data structure manipulation in C using separation logic

The natural proof technique for heap verification developed by Qiu et al. [32] provides a platform for powerful sound reasoning for specifications written in a dialect of separation logic called Dryad. Natural proofs are proof tactics that enable automated reasoning exploiting recursion, mimicking common patterns found in human proofs. However, these proofs are known to work only for a simple toy language [32]. In this work, we develop a framework called VCDryad that extends the Vcc framework [9] to provide an automated deductive framework against separation logic specifications for C programs based on natural proofs. We develop several new techniques to build this framework, including (a) a novel tool architecture that allows encoding natural proofs at a higher level in order to use the existing Vcc framework (including its intricate memory model, the underlying type-checker, and the SMT-based verification infrastructure), and (b) a synthesis of ghost-code annotations that captures natural proof tactics, in essence forcing Vcc to find natural proofs using primarily decidable theories. We evaluate our tool extensively, on more than 150 programs, ranging from code manipulating standard data structures, well-known open source library routines (Glib, OpenBSD), Linux kernel routines, customized OS data structures, etc. We show that all these C programs can be fully automatically verified using natural proofs (given pre/post conditions and loop invariants) without any user-provided proof tactics. VCDryad is perhaps the first deductive verification framework for heap-manipulating programs in a real language that can prove such a wide variety of programs automatically.

[1]  K. Rustan M. Leino,et al.  The boogie verification debugger , 2011, ICSE 2011.

[2]  Ranjit Jhala,et al.  Type-based data structure verification , 2009, PLDI '09.

[3]  Adam Chlipala,et al.  Mostly-automated verification of low-level programs in computational separation logic , 2011, PLDI '11.

[4]  Dirk Beyer,et al.  Second Competition on Software Verification - (Summary of SV-COMP 2013) , 2013, TACAS.

[5]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[6]  Shuvendu K. Lahiri,et al.  Unifying type checking and property checking for low-level code , 2009, POPL '09.

[7]  Samuel T. King,et al.  Verifying security invariants in ExpressOS , 2013, ASPLOS '13.

[8]  Frank Piessens,et al.  VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java , 2011, NASA Formal Methods.

[9]  Wolfgang J. Paul,et al.  Theory of Multi Core Hypervisor Verification , 2013, SOFSEM.

[10]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[11]  Viktor Kuncak,et al.  Decision procedures for algebraic data types with abstractions , 2010, POPL '10.

[12]  Peter W. O'Hearn,et al.  Symbolic Execution with Separation Logic , 2005, APLAS.

[13]  Patrick Maxim Rondon,et al.  Liquid types , 2008, PLDI '08.

[14]  Radu Iosif,et al.  The Tree Width of Separation Logic with Recursive Definitions , 2013, CADE.

[15]  Peter W. O'Hearn,et al.  Smallfoot: Modular Automatic Assertion Checking with Separation Logic , 2005, FMCO.

[16]  Joël Ouaknine,et al.  SeLoger: A Tool for Graph-Based Reasoning in Separation Logic , 2013, CAV.

[17]  Henny B. Sipma,et al.  What's Decidable About Arrays? , 2006, VMCAI.

[18]  Anders Møller,et al.  The Pointer Assertion Logic Engine , 2000 .

[19]  Viktor Kuncak,et al.  Satisfiability Modulo Recursive Programs , 2011, SAS.

[20]  Mark A. Hillebrand,et al.  VCC: A Practical System for Verifying Concurrent C , 2009, TPHOLs.

[21]  K. Rustan M. Leino,et al.  Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[22]  K. Rustan M. Leino,et al.  Houdini, an Annotation Assistant for ESC/Java , 2001, FME.

[23]  Frank Piessens,et al.  Software verification with VeriFast: Industrial case studies , 2014, Sci. Comput. Program..

[24]  Nikolaj Bjørner,et al.  Generalized, efficient array decision procedures , 2009, 2009 Formal Methods in Computer-Aided Design.

[25]  Ruzica Piskac,et al.  Automating Separation Logic Using SMT , 2013, CAV.

[26]  Xiaokang Qiu,et al.  Natural proofs for structure, data, and separation , 2013, PLDI.

[27]  Shengchao Qin,et al.  Automated Verification of Shape, Size and Bag Properties , 2007, ICECCS.

[28]  Wolfram Schulte,et al.  A Precise Yet Efficient Memory Model For C , 2009, Electron. Notes Theor. Comput. Sci..

[29]  Joël Ouaknine,et al.  Tractable Reasoning in a Fragment of Separation Logic , 2011, CONCUR.

[30]  Peter W. O'Hearn,et al.  A Decidable Fragment of Separation Logic , 2004, FSTTCS.

[31]  Peter W. O'Hearn,et al.  Local Reasoning about Programs that Alter Data Structures , 2001, CSL.

[32]  Matthew J. Parkinson,et al.  jStar: towards practical verification for java , 2008, OOPSLA.

[33]  Leonardo Mendonça de Moura,et al.  Complete Instantiation for Quantified Formulas in Satisfiabiliby Modulo Theories , 2009, CAV.

[34]  Andrey Rybalchenko,et al.  Separation logic + superposition calculus = heap theorem prover , 2011, PLDI '11.

[35]  Chris Hawblitzel,et al.  Safe to the last instruction: automated verification of a type-safe operating system , 2010, PLDI '10.

[36]  Xiaokang Qiu,et al.  Recursive proofs for inductive tree data-structures , 2012, POPL '12.

[37]  Neil Immerman,et al.  Effectively-Propositional Reasoning about Reachability in Linked Data Structures , 2013, CAV.

[38]  Dirk Beyer,et al.  Competition on Software Verification - (SV-COMP) , 2012, TACAS.