Structural separation logic

This thesis presents structural separation logic, a novel program reasoning approach for software that manipulates both standard heaps and structured data such as lists and trees. Structural separation logic builds upon existing work in both separation logic and context logic. It considers data abstractly, much as it is exposed by library interfaces, ignoring implementation details. We provide a programming language that works over structural heaps, which are similar to standard heaps but allow data to be stored in an abstract form. We introduce abstract heaps, which extend structural heaps to enable local reasoning about abstract data. Such data can be split up with structural addresses. Structural addresses allow sub-data (e.g. a sub-tree within a tree) to be abstractly allocated, promoting the sub-data to an abstract heap cell. This cell can be analysed in isolation, then re-joined with the original data. We show how the tight footprints this allows can be refined further with promises, which enable abstract heap cells to retain information about the context from which they were allocated. We prove that our approach is sound with respect to a standard Hoare logic. We study two large examples. Firstly, we present an axiomatic semantics for the Document Object Model in structural separation logic. We demonstrate how structural separation logic allows abstract reasoning about the DOM tree using tighter footprints than were possible in previous work. Secondly, we give a novel presentation of the POSIX file system library. We identify a subset of the large POSIX standard that focuses on the file system, including commands that manipulate both the file heap and the directory structure. Axioms for this system are given using structural separation logic. As file system resources are typically identified by paths, we use promises to give tight footprints to commands, so that that they do not require all the resource needed to explain paths being used. We demonstrate our reasoning using a software installer example.

[1]  Eric S. Raymond,et al.  Filesystem Hierarchy Standard , 2015 .

[2]  Viktor Vafeiadis,et al.  Concurrent Abstract Predicates , 2010, ECOOP.

[3]  Thomas Dinsdale-Young Abstract data and local reasoning , 2011 .

[4]  Philippa Gardner,et al.  Context logic as modal logic: completeness and parametric inexpressivity , 2007, POPL '07.

[5]  Philippa Gardner,et al.  Adjunct elimination in Context Logic for trees , 2010, Inf. Comput..

[6]  Andy Galloway,et al.  Model-Checking the Linux Virtual File System , 2008, VMCAI.

[7]  Peter W. O'Hearn,et al.  Scalable Shape Analysis for Systems Code , 2008, CAV.

[8]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[9]  Stephen D. Brookes,et al.  A Semantics for Concurrent Separation Logic , 2004, CONCUR.

[10]  Peter W. O'Hearn,et al.  Possible worlds and resources: the semantics of BI , 2004, Theor. Comput. Sci..

[11]  Gerard J. Holzmann,et al.  A mini challenge: build a verifiable filesystem , 2007, Formal Aspects of Computing.

[12]  Sriram K. Rajamani,et al.  Thorough static analysis of device drivers , 2006, EuroSys.

[13]  Peter W. O'Hearn,et al.  Smallfoot: Modular Automatic Assertion Checking with Separation Logic , 2005, FMCO.

[14]  Philippa Gardner,et al.  DOM: Towards a Formal Specification , 2008, PLAN-X.

[15]  Peter W. O'Hearn,et al.  Permission accounting in separation logic , 2005, POPL '05.

[16]  Tim Berners-Lee,et al.  WorldWideWeb : proposal for a HyperText Project , 1990 .

[17]  John Mylopoulos,et al.  On the Frame Problem in Procedure Specifications , 1995, IEEE Trans. Software Eng..

[18]  John C. Reynolds,et al.  Intuitionistic reasoning about shared mutable data structure , 1999 .

[19]  Luca Cardelli,et al.  Mobile Ambients , 1998, FoSSaCS.

[20]  Lars Birkedal,et al.  Fictional Separation Logic , 2012, ESOP.

[21]  Benjamin C. Pierce,et al.  Xduce: a typed xml processing language , 1997 .

[22]  Carroll Morgan,et al.  Specification of the UNIX Filing System , 1984, IEEE Transactions on Software Engineering.

[23]  Susan Owicki,et al.  An axiomatic proof technique for parallel programs I , 1976, Acta Informatica.

[24]  Hongseok Yang,et al.  Variables as Resource in Separation Logic , 2005, MFPS.

[25]  Philippa Gardner,et al.  A simple abstraction for complex concurrent indexes , 2011, OOPSLA '11.

[26]  Philippa Gardner,et al.  Small Specifications for Tree Update , 2009, WS-FM.

[27]  Philippa Gardner,et al.  Local Reasoning about Mashups , 2010 .

[28]  Jonathan Robie,et al.  Document Object Model (DOM) Level 2 Specification , 1998 .

[29]  Sriram K. Rajamani,et al.  SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft , 2004, IFM.

[30]  Xinyu Feng,et al.  Deny-Guarantee Reasoning , 2009, ESOP.

[31]  Peter W. O'Hearn,et al.  Local Reasoning about Programs that Alter Data Structures , 2001, CSL.

[32]  Philippa Gardner,et al.  Local Hoare reasoning about DOM , 2008, PODS.

[33]  Viktor Vafeiadis,et al.  Modular fine-grained concurrency verification , 2008 .

[34]  Philippa Gardner,et al.  Towards a program logic for JavaScript , 2012, POPL '12.

[35]  Dino Distefano,et al.  Attacking Large Industrial Code with Bi-abductive Inference , 2009, FMICS.

[36]  Patrick Lincoln,et al.  Linear logic , 1992, SIGA.

[37]  Jim Woodcock,et al.  POSIX and the Verification Grand Challenge: A Roadmap , 2008, 13th IEEE International Conference on Engineering of Complex Computer Systems (iceccs 2008).

[38]  Matthew J. Parkinson,et al.  jStar: towards practical verification for java , 2008, OOPSLA.

[39]  Peter W. O'Hearn,et al.  BI as an assertion language for mutable data structures , 2001, POPL '01.

[40]  Peter W. O'Hearn,et al.  A Semantic Basis for Local Reasoning , 2002, FoSSaCS.

[41]  Robert W. Floyd,et al.  Assigning Meanings to Programs , 1993 .

[42]  Mark J. Wheelhouse,et al.  Segment logic , 2012 .

[43]  Michael Norrish,et al.  seL4: formal verification of an OS kernel , 2009, SOSP '09.

[44]  Peter W. O'Hearn,et al.  The Logic of Bunched Implications , 1999, Bulletin of Symbolic Logic.

[45]  Frank Piessens,et al.  The VeriFast program verifier , 2008 .

[46]  Peter W. O'Hearn,et al.  Local Action and Abstract Separation Logic , 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[47]  David Walker,et al.  Forest: a language and toolkit for programming with filestores , 2011, ICFP '11.

[48]  Hongseok Yang,et al.  Views: compositional reasoning for concurrent programs , 2013, POPL.

[49]  Edsger W. Dijkstra,et al.  The humble programmer , 1972, CACM.

[50]  Alon Y. Halevy,et al.  Updating XML , 2001, SIGMOD '01.

[51]  R. M. Burstall,et al.  Some Techniques for Proving Correctness of Programs which Alter Data Structures , 2013 .

[52]  John C. Reynolds,et al.  Syntactic control of interference , 1978, POPL.

[53]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[54]  Jim Woodcock,et al.  POSIX file store in Z/Eves: an experiment in the verified software repository , 2007, 12th IEEE International Conference on Engineering Complex Computer Systems (ICECCS 2007).

[55]  Gavin M. Bierman,et al.  Separation logic and abstraction , 2005, POPL '05.

[56]  Wim H. Hesselink,et al.  Formalizing a hierarchical file system , 2009, Formal Aspects of Computing.

[57]  Philippa Gardner,et al.  Local Reasoning About Tree Update , 2006, MFPS.

[58]  Matthew J. Parkinson,et al.  Local reasoning for Java , 2005 .

[59]  Philippa Gardner,et al.  Context logic and tree update , 2005, POPL '05.

[60]  Peter Thiemann A Type Safe DOM API , 2005, DBPL.

[61]  Gareth Smith,et al.  Local reasoning about Web programs , 2011 .

[62]  Viktor Kuncak,et al.  Verifying a File System Implementation , 2004, ICFEM.

[63]  Lauretta O. Osho,et al.  Axiomatic Basis for Computer Programming , 2013 .

[64]  Thomas Ball,et al.  The Static Driver Verifier Research Platform , 2010, CAV.

[65]  Jim Woodcock,et al.  Verifying the CICS File Control API with Z/Eves: An Experiment in the Verified Software Repository , 2007, 12th IEEE International Conference on Engineering Complex Computer Systems (ICECCS 2007).