a decidable fragment in separation logic with inductive
play

A Decidable Fragment in Separation Logic with Inductive Predicates - PowerPoint PPT Presentation

Mar 10, 2023 •265 likes •490 views

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic Quang Loc Le (TU) Makoto Tatsuta (NII) Jun Sun (SUTD) Wei-Ngan Chin (NUS) Computer Aided Verification, 29th International Conference Heidelberg Germany July

  1. A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic Quang Loc Le (TU) Makoto Tatsuta (NII) Jun Sun (SUTD) Wei-Ngan Chin (NUS) Computer Aided Verification, 29th International Conference Heidelberg Germany July 28, 2017 Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 1 / 21

  2. A fragment of Separation Logic ∆ ::= ∃ ¯ Formula Φ ::= ∆ | Φ 1 ∨ Φ 2 v . ( κ ∧ π ) ::= emp | x �→ c ( v i ) | P (¯ Spatial formula v ) | κ 1 ∗ κ 2 κ Pure formula π ::= π 1 ∧ π 2 | α | φ α : Pointer (Dis)Equalities φ : Presburger arithmetic P : inductive predicate. Predicate Definition: P (¯ t ) ≡ Φ Warning: no pointer arithmetic and no magic wand Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 2 / 21

  3. A fragment of Separation Logic Inductive predicate: Singly-linked list with size property pred ll size ( root , n ) ≡ emp ∧ root = null ∧ n = 0 ∨ ∃ r , n 1 · root �→ node ( , r ) ∗ ll size ( r , n 1 ) ∧ n = n 1 + 1 Example: ll size ( x , 3 ) Numerical projection ll size N ( n ) ≡ n = 0 ∨ ∃ n 1 · ll size N ( n 1 ) ∧ n = n 1 + 1 Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 3 / 21

  4. Satisfiability Problem Input: A formula ∆ in the fragment Question: Is ∆ satisfiable? Challenges: Unbounded heaps Infinite numerical domain Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 4 / 21

  5. Satisfiability Problem The satisfiability problem is undecidable by simulating Peano arithmetic (Tatsuta et. al. - APLAS 2016). What is decidable? Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 5 / 21

  6. Contributions Decidable Fragment: A subfragment which is decidable and more expressive than all fragments which have been shown to be decidable previously. Decision Procedure: Base Computation Compute for each inductive predicate a finite representation that precisely characterises its satisfiability. Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 6 / 21

  7. Decidable Fragment Finite Representation: Base Formula (without inductive predicates) Combining empty heap ( emp ), points-to ( �→ ), spatial conjunction ( ∗ ) and Presburger Arithmetic Example: ∆ 1 ≡ emp ∧ x = null ∧ n = 0 SAT ∆ 2 ≡ x �→ node ( n , y ) ∗ y �→ node ( n − 1 , null ) ∧ x = y UNSAT The fragment of base formulas is decidable (Piskac, Wies and Zufferey - CAV 2013, Navarro and Rybalchenko - APLAS 2013) Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 7 / 21

  8. Foundation of Base Computation For each formula, eliminating existentially quantified pointer-typed variables produces an equi-satisfiable formula. Example: ∆ 1 ≡∃ r . ll size ( r , n ) ∧ x = null ∧ n = 0 is equi-satisfiable with ∆ 2 ≡∃ r . ll size N ( n ) ∧ x = null ∧ n = 0 If ll size N ( n ) can be computed as a Presburger formula, then ∆ 2 can be reduced into a base formula and thus is decidable. Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 8 / 21

  9. Decidable Fragment: Base Computation Given an inductive predicate P (¯ x ) ≡ Φ , Construct a cyclic unfolding tree for ∆ 0 ≡ P (¯ x ) 1 Flatten the tree into a disjunctive set of base formulas 2 ∆ 0 ∆ 0 ∆ 11 ∆ b 31 ∆ 11 ∆ ⋆ 12 ∆ 21 ∆ 22 ∆ 21 ∆ 22 ∆ 31 ∆ ⋆ 32 base P ( P (¯ x )) ≡{ ∆ 21 , ∆ b 31 } Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 9 / 21

  10. Constructing Cyclic Unfolding Tree Given an inductive predicate P (¯ x ) ≡ Φ , construct a unfolding tree for ∆ 0 ≡ P (¯ x ) through iterations of actions: Choose a (open) leaf, close it if 1 it can be reduced into a base formula. a base formula a formula in which pointer-typed parameters of every inductive predicates are existentially quantified. its over-approximation is unsat. can be linked back to form a circular path. Otherwise, unfold it. 2 ∆ 0 ∆ 11 ∆ ⋆ 12 ∆ 21 ∆ 22 ∆ 31 ∆ ⋆ 32 Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 10 / 21

  11. Constructing Cyclic Unfolding Tree pred Q ( x , y , n ) ≡ ∃ y 1 . x �→ node ( null , y 1 ) ∧ y = null ∧ x � = null ∧ n = 1 ∨ ∃ x 1 , y 1 , n 1 . y �→ node ( x 1 , y 1 ) ∗ Q ( x , y 1 , n 1 ) ∧ y � = null ∧ n = n 1 + 2 ; ∆ 0 ≡ Q ( x , y , n ) Base Detection. None 1 ∆ 0 Over-Approximation. π 0 ≡ true . 2 Not UNSAT Figure : Unfolding Tree T 0 . Cyclic Detection. None 3 Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 11 / 21

  12. Constructing Cyclic Unfolding Tree pred Q ( x , y , n ) ≡ ∃ y 1 . x �→ node ( null , y 1 ) ∧ y = null ∧ x � = null ∧ n = 1 ∨ ∃ x 1 , y 1 , n 1 . y �→ node ( x 1 , y 1 ) ∗ Q ( x , y 1 , n 1 ) ∧ y � = null ∧ n = n 1 + 2 ; ∆ 0 ≡ Q ( x , y , n ) ∆ 1 ≡∃ y 1 . x �→ node ( null , y 1 ) ∧ y = null ∧ x � = null ∧ n = 1 ∆ 2 ≡∃ x 1 , y 1 , n 1 . y �→ node ( x 1 , y 1 ) ∗ Q ( x , y 1 , n 1 ) ∧ y � = null ∧ n = n 1 + 2 Base Detection. ∆ 1 1 ∆ 0 Over-Approximation. 2 π 2 ≡∃ x 1 , y 1 , n 1 . y �→ node ( x 1 , y 1 ) ∧ true ∆ 1 ∆ 2 ∧ y � = null ∧ n = n 1 + 2. Not UNSAT Figure : Unfolding Tree T 1 . Cyclic Detection. None 3 Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 12 / 21

  13. Constructing Cyclic Unfolding Tree pred Q ( x , y , n ) ≡ ∃ y 1 . x �→ node ( null , y 1 ) ∧ y = null ∧ x � = null ∧ n = 1 ∨ ∃ x 1 , y 1 , n 1 . y �→ node ( x 1 , y 1 ) ∗ Q ( x , y 1 , n 1 ) ∧ y � = null ∧ n = n 1 + 2 ; ∆ 2 ≡∃ x 1 , y 1 , n 1 . y �→ node ( x 1 , y 1 ) ∗ Q ( x , y 1 , n 1 ) ∧ y � = null ∧ n = n 1 + 2 ∆ 3 ≡∃ x 1 , y 1 , n 1 , y 2 . y �→ node ( x 1 , y 1 ) ∗ x �→ node ( null , y 2 ) ∧ y 1 = null ∧ x � = null ∧ n 1 = 1 ∧ y � = null ∧ n = n 1 + 2 ∆ 4 ≡∃ x 1 , y 1 , n 1 , x 2 , y 2 , n 2 . y �→ node ( x 1 , y 1 ) ∗ y 1 �→ node ( x 2 , y 2 ) ∗ Q ( x , y 2 , n 2 ) ∧ y 1 � = null ∧ n 1 = n 2 + 2 ∧ y � = null ∧ n = n 1 + 2 ∆ 0 Base Detection. ∆ 3 1 Over-Approximation. π 4 ≡ .... . ∆ 1 ∆ ♣ 2 2 Not UNSAT ∆ 3 Cyclic Detection. Yes ∆ ♣ 3 4 Figure : T Q 2 . Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 13 / 21

  14. Constructing Cyclic Unfolding Tree Cyclic Detection ∆ 2 ≡∃ x 1 , y 1 , n 1 . y �→ node ( x 1 , y 1 ) ∗ Q ( x , y 1 , n 1 ) ∧ y � = null ∧ n = n 1 + 2 ∆ 4 ≡∃ x 1 , y 1 , n 1 , x 2 , y 2 , n 2 . y �→ node ( x 1 , y 1 ) ∗ y 1 �→ node ( x 2 , y 2 ) ∗ Q ( x , y 2 , n 2 ) ∧ y 1 � = null ∧ n 1 = n 2 + 2 ∧ y � = null ∧ n = n 1 + 2 Steps matching externally visible points-to predicate: y �→ node ( , ) 1 matching externally visible inductive predicates: Q ( x , , ) 2 In general, we may need to group isomorphic inductive predicates beforehand (same predicate name and same sequence of free arguments) matching externally visible (dis)equalities over pointers: y � = null 3 Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 14 / 21

  15. Flattening Cyclic Unfolding Tree ∆ 0 ∆ 1 ∆ ♣ 2 ∆ 3 ∆ ♣ 4 Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 15 / 21

  16. Flattening Cyclic Unfolding Tree ∆ 0 ∆ 0 ∆ 1 ∆ 2 ∆ 1 ∆ ♣ 2 ∆ 3 ∆ 4 ∆ 3 ∆ ♣ ∆ 1 ∆ 1 4 3 4 ... ∆ flat 3 ≡ ∆ 3 ∨ ∆ 1 3 ∨ ... ∆ 3 ≡ ∃ x 1 , y 1 , n 1 , y 2 . ( y �→ node ( x 1 , y 1 ) ∗ x �→ node ( null , y 2 ) ∧ x � = null ∧ y � = null ∧ n = n 1 + 2 ) ∧ ( y 1 = null ∧ n 1 = 1 ) ∆ 1 3 ≡∃ x 1 , y 1 , n 1 , x 2 , y 2 , n 2 , y 3 . ( y �→ node ( x 1 , y 1 ) ∗ x �→ node ( null , y 3 ) ∧ x � = null y � = null ∧ n = n 1 + 2 ) ∗ ( y 1 �→ node ( x 2 , y 2 ) ∧ y 2 = null ∧ n 1 = n 2 + 2 ∧ n 2 = 1 ) Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 16 / 21

  17. Flattening Cyclic Unfolding Tree ∆ 0 ∆ 1 ∆ ♣ 2 ∆ 3 ∆ ♣ 4 P cyc ( n 1 ) ≡ n 1 = 1 ∨ ∃ n 2 . n 1 = n 2 + 2 ∧ P cyc ( n 2 ) P cyc ( n 1 ) ≡∃ k . n 1 = 2 k + 1 ∧ k ≥ 0 ∆ b 3 is equi-satisfiable to ∆ flat 3 : ∆ b 3 ≡∃ x 1 , y 1 , x 2 , y 2 , n 1 . ( y �→ node ( x 1 , y 1 ) ∗ x �→ node ( null , y 2 ) ∧ x � = null ∧ y � = null ∧ n = n 1 + 2 ) ∧ ( ∃ k . n 1 = 2 k + 1 ∧ k ≥ 0 ) Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 17 / 21

  18. Flattening Cyclic Unfolding Tree ∆ 0 ∆ 0 = ⇒ ∆ 1 ∆ b 3 ∆ 1 ∆ ♣ 2 ∆ 3 ∆ ♣ 4 base P ( Q ( x , y , n )) ≡{ ∆ 1 , ∆ b 3 } Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 18 / 21

  19. Proposed Decidable Fragment An inductive predicate is in the proposed decidable fragment if all numerical projections of base leaves; and P cyc predicates are Presburger-definable (i.e., can be computed as Presburger formulas). Some systems of arithmetic inductive predicates are Presburger-definable: DPI (Tatsuta et. al. - APLAS 2016) periodic sets (Bozga et. al. - CAV 2010) Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 19 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Deep Embedding of a Decidable Fragment of Separation Logic in HOL Thomas Tuerk Mike Gordon

A Deep Embedding of a Decidable Fragment of Separation Logic in HOL Thomas Tuerk Mike Gordon

Motivation Basic Definitions Entailments HOL embedding Example Conclusions and Future Work A Deep Embedding of a Decidable Fragment of Separation Logic in HOL Thomas Tuerk Mike Gordon ARG Lunch, 26th June 2006 Motivation Basic

567 views • 40 slides
11. Arrays 11- 1 (2) Array Property Fragment of T A Decidable fragment of T A that includes

11. Arrays 11- 1 (2) Array Property Fragment of T A Decidable fragment of T A that includes

11. Arrays 11- 1 (2) Array Property Fragment of T A Decidable fragment of T A that includes quantifiers Array property A -formula of form i . F [ i ] G [ i ] , where i is a list of variables. index guard F [ i ]: iguard

1.19k views • 21 slides
On a Decidable Fragment of d L or, The Next 700 (Un)decidable Fragments of d L David M Kahn Siva

On a Decidable Fragment of d L or, The Next 700 (Un)decidable Fragments of d L David M Kahn Siva

On a Decidable Fragment of d L or, The Next 700 (Un)decidable Fragments of d L David M Kahn Siva Somayyajula Carnegie Mellon University December 11, 2018 David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of d L December 11, 2018 1

855 views • 28 slides
Disproving Inductive Entailments in Separation Logic via Base Pair Approximation James Brotherston

Disproving Inductive Entailments in Separation Logic via Base Pair Approximation James Brotherston

Disproving Inductive Entailments in Separation Logic via Base Pair Approximation James Brotherston 1 Nikos Gorogiannis 2 1 UCL 2 Middlesex University TABLEAUX15, Wroclaw, 23 Sept 2015 1/ 16 Disproof, in general Disproof is the problem of

624 views • 51 slides
Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1

Model Checking for Symbolic-Heap Separation Logic with Inductive Predicates James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 Reuben Rowe 1 1 UCL 2 Middlesex University Australian National University, Canberra, 9 December 2015 1/ 24 Model

1.13k views • 81 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
Logic as a Tool Chapter 1: Understanding Propositional Logic 1.4 Inductive definitions

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.4 Inductive definitions

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.4 Inductive definitions Structural induction and recursion Valentin Goranko Stockholm University October 2016 Goranko Introduction Inductive definitions: a special kind of

1.23k views • 108 slides
Targeted Mailing Inductive Logic Programming Fabrizio Riguzzi University of Ferrara If

Targeted Mailing Inductive Logic Programming Fabrizio Riguzzi University of Ferrara If

Targeted Mailing Inductive Logic Programming Fabrizio Riguzzi University of Ferrara If Age<30 and Address=ca then Resp=yes Inductive Logic Programming p. 1/93 Inductive Logic Programming p. 2/93 Join Multi Table The customer will

583 views • 24 slides
Introduction to Inductive Logic Programming Stephen Muggleton Department of Computing Imperial

Introduction to Inductive Logic Programming Stephen Muggleton Department of Computing Imperial

Introduction to Inductive Logic Programming Stephen Muggleton Department of Computing Imperial College, London Motivation Logic Program [Kowalski, 1980] Inductive Logic Programming [Muggleton, 1991] Machine Learn arbitrary programs

490 views • 17 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
Pure Inductive Logic Jeff Paris School of Mathematics, University of Manchester in

Pure Inductive Logic Jeff Paris School of Mathematics, University of Manchester in

Pure Inductive Logic Jeff Paris School of Mathematics, University of Manchester in collaboration with J urgen Landes, Chris Nix, Alena Vencovsk a Jeff Paris Pure Inductive Logic Page 1 of 1 Jeff Paris Pure Inductive Logic et-

754 views • 53 slides
Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
Logic Programming in a Fragment of Intuitionistic Linear Logic by Joshua Hodas , PhD student at

Logic Programming in a Fragment of Intuitionistic Linear Logic by Joshua Hodas , PhD student at

Logic Programming in a Fragment of Intuitionistic Linear Logic by Joshua Hodas , PhD student at UPenn [now an attorney in Los Angeles] and Dale Miller , Edinburgh (sabbatical leave from UPenn) [now INRIA] A revised version appears in

213 views • 5 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
The Calculus of Computation: Decision Procedures with 11. Arrays Applications to Verification

The Calculus of Computation: Decision Procedures with 11. Arrays Applications to Verification

The Calculus of Computation: Decision Procedures with 11. Arrays Applications to Verification by Aaron Bradley Zohar Manna Springer 2007 11- 1 11- 2 (2) Array Property Fragment of T A Array Property Fragment of T A Decidable fragment of T A

425 views • 6 slides
Geometric Representations 3D Graphics Motivation Geometric representation What do we want

Geometric Representations 3D Graphics Motivation Geometric representation What do we want

Geometric Representations 3D Graphics Motivation Geometric representation What do we want to do? empty space (typically 3 ) B geometric object B 3 Fundamental problem The Problem: d B infinite number of

954 views • 47 slides
Welcome! COMP2521 19T0 Data Structures + Algorithms COMP2521 19T0 lec01 cs2521@ jashankj@

Welcome! COMP2521 19T0 Data Structures + Algorithms COMP2521 19T0 lec01 cs2521@ jashankj@

COMP2521 19T0 lec01 cs2521@ jashankj@ Outline Syntax LLs Tools Welcome! COMP2521 19T0 Data Structures + Algorithms COMP2521 19T0 lec01 cs2521@ jashankj@ Outline Syntax LLs Tools COMP2521 19T0 Week 1, Tuesday: Hello, world!

1.63k views • 98 slides
LS1 Activities of the ATLAS Software Project Markus Elsing report at the PH-SFT group meeting

LS1 Activities of the ATLAS Software Project Markus Elsing report at the PH-SFT group meeting

LS1 Activities of the ATLAS Software Project Markus Elsing report at the PH-SFT group meeting December 9th, 2013 reconstructed event in Phase-2 tracker Introduction and Outline the challenges GRID CPU Consumption MC Simulation pileup

675 views • 40 slides
Malware Reading Material Ken Thompson and Trojans

Malware Reading Material Ken Thompson and Trojans

Malware Reading Material Ken Thompson and Trojans h6p://www.ece.cmu.edu/~ganger/712.fall02/ papers/p761-thompson.pdf Worm Anatomy and Model

1.65k views • 130 slides
Using Machines to Exploit Machines Harnessing AI to Accelerate Exploitation Guy Barnhart-Magen

Using Machines to Exploit Machines Harnessing AI to Accelerate Exploitation Guy Barnhart-Magen

Using Machines to Exploit Machines Harnessing AI to Accelerate Exploitation Guy Barnhart-Magen Ezra Caltum @barnhartguy @aCaltum Legal Notice and Disclaimers This presentation contains the general insights and opinions of its authors, Guy

731 views • 58 slides
Introduction to Human-Computer Interaction Guest Lectures in the Course Software Engineering

Introduction to Human-Computer Interaction Guest Lectures in the Course Software Engineering

Introduction to Human-Computer Interaction Guest Lectures in the Course Software Engineering (D7025E) Matthias Kranz Department of Computer Science, Electrical and Space Engineering, Lule University of Technology, Sweden

1.57k views • 115 slides
+30 26510 98808, Fax: +30 26510 98890, URL: http://www.cs.uoi.gr/~faturu/

+30 26510 98808, Fax: +30 26510 98890, URL: http://www.cs.uoi.gr/~faturu/

s r

1.65k views • 124 slides
PICO: ASIC Synthesis from C Rob Schreiber Shail Aditya Bob Rau Vinod Kathail Scott Mahlke

PICO: ASIC Synthesis from C Rob Schreiber Shail Aditya Bob Rau Vinod Kathail Scott Mahlke

PICO: ASIC Synthesis from C Rob Schreiber Shail Aditya Bob Rau Vinod Kathail Scott Mahlke Darren Cronquist Mukund Sivaraman HP Labs, Palo Alto R. Schreiber MPsoc Workshop, July 2002 Outline What Can PICO Do for an SOC

604 views • 42 slides

More recommend