A Decidable Fragment in Separation Logic with Inductive Predicates (PowerPoint presentation)



SLIDE 1

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic

Quang Loc Le (TU) Makoto Tatsuta (NII) Jun Sun (SUTD) Wei-Ngan Chin (NUS)

Computer Aided Verification, 29th International Conference Heidelberg Germany

July 28, 2017

Loc Le (Teesside University) Decidable Fragment in Separation Logic July 28, 2017 1 / 21

SLIDE 2

A fragment of Separation Logic

Formula          Φ ::= ∆ | Φ1 ∨ Φ2
                 ∆ ::= ∃v̄. (κ ∧ π)
Spatial formula  κ ::= emp | x→c(v̄) | P(v̄) | κ1 ∗ κ2
Pure formula     π ::= π1 ∧ π2 | α | φ
  α: pointer (dis)equalities
  φ: Presburger arithmetic

P: inductive predicate. Predicate definition: P(t̄) ≡ Φ

Warning: no pointer arithmetic and no magic wand

SLIDE 3

A fragment of Separation Logic

Inductive predicate: singly-linked list with size property
  pred ll_size(root,n) ≡ emp ∧ root=null ∧ n=0
                       ∨ ∃r,n1. root→node(_,r) ∗ ll_size(r,n1) ∧ n=n1+1
Example: ll_size(x,3)
Numerical projection:
  ll_sizeN(n) ≡ n=0 ∨ ∃n1. ll_sizeN(n1) ∧ n=n1+1

SLIDE 4

Satisfiability Problem

Input: a formula ∆ in the fragment
Question: is ∆ satisfiable?
Challenges:
  • unbounded heaps
  • infinite numerical domain

SLIDE 5

Satisfiability Problem

The satisfiability problem is undecidable, by simulating Peano arithmetic (Tatsuta et al., APLAS 2016). What is decidable?

SLIDE 6

Contributions

Decidable fragment: a subfragment which is decidable and more expressive than all fragments which have been shown to be decidable previously.
Decision procedure (base computation): compute for each inductive predicate a finite representation that precisely characterises its satisfiability.

SLIDE 7

Decidable Fragment

Finite representation: base formula (without inductive predicates), combining empty heap (emp), points-to (→), spatial conjunction (∗) and Presburger arithmetic.
Example:
  SAT    ∆1 ≡ emp ∧ x=null ∧ n=0
  UNSAT  ∆2 ≡ x→node(n,y) ∗ y→node(n−1,null) ∧ x=y
The fragment of base formulas is decidable (Piskac, Wies and Zufferey, CAV 2013; Navarro and Rybalchenko, APLAS 2013).

SLIDE 8

Foundation of Base Computation

For each formula, eliminating existentially quantified pointer-typed variables produces an equi-satisfiable formula.
Example:
  ∆1 ≡ ∃r. ll_size(r,n) ∧ x=null ∧ n=0
is equi-satisfiable with
  ∆2 ≡ ∃r. ll_sizeN(n) ∧ x=null ∧ n=0
If ll_sizeN(n) can be computed as a Presburger formula, then ∆2 can be reduced into a base formula and thus is decidable.

SLIDE 9

Decidable Fragment: Base Computation

Given an inductive predicate P(x̄) ≡ Φ,

1. Construct a cyclic unfolding tree for ∆0 ≡ P(x̄)
2. Flatten the tree into a disjunctive set of base formulas

[Figure: unfolding tree with nodes ∆0, ∆11, ∆⋆12, ∆21, ∆22, ∆31, ∆⋆32 (⋆ marks cyclic leaves); flattened tree with nodes ∆0, ∆11, ∆b31, ∆21, ∆22]

baseP(P(x̄)) ≡ {∆21, ∆b31}

SLIDE 10

Constructing Cyclic Unfolding Tree

Given an inductive predicate P(x̄) ≡ Φ, construct an unfolding tree for ∆0 ≡ P(x̄) through iterations of the following actions:

1. Choose an open leaf and close it if
   • it can be reduced into a base formula, i.e. it is
     - a base formula, or
     - a formula in which the pointer-typed parameters of every inductive predicate are existentially quantified;
   • its over-approximation is unsat;
   • it can be linked back to form a circular path.
2. Otherwise, unfold it.

[Figure: unfolding tree with nodes ∆0, ∆11, ∆⋆12, ∆21, ∆22, ∆31, ∆⋆32]

SLIDE 11

Constructing Cyclic Unfolding Tree

pred Q(x,y,n) ≡ ∃y1. x→node(null,y1) ∧ y=null ∧ x≠null ∧ n=1
              ∨ ∃x1,y1,n1. y→node(x1,y1) ∗ Q(x,y1,n1) ∧ y≠null ∧ n=n1+2;
∆0 ≡ Q(x,y,n)

1. Base detection: none
2. Over-approximation: π0 ≡ true. Not UNSAT
3. Cyclic detection: none

[Figure: unfolding tree T0, consisting of the single node ∆0]

SLIDE 12

Constructing Cyclic Unfolding Tree

pred Q(x,y,n) ≡ ∃y1. x→node(null,y1) ∧ y=null ∧ x≠null ∧ n=1
              ∨ ∃x1,y1,n1. y→node(x1,y1) ∗ Q(x,y1,n1) ∧ y≠null ∧ n=n1+2;
∆0 ≡ Q(x,y,n)
∆1 ≡ ∃y1. x→node(null,y1) ∧ y=null ∧ x≠null ∧ n=1
∆2 ≡ ∃x1,y1,n1. y→node(x1,y1) ∗ Q(x,y1,n1) ∧ y≠null ∧ n=n1+2

1. Base detection: ∆1
2. Over-approximation: π2 ≡ ∃x1,y1,n1. y→node(x1,y1) ∧ true ∧ y≠null ∧ n=n1+2. Not UNSAT
3. Cyclic detection: none

[Figure: unfolding tree T1: ∆0 with children ∆1 and ∆2]

SLIDE 13

Constructing Cyclic Unfolding Tree

pred Q(x,y,n) ≡ ∃y1. x→node(null,y1) ∧ y=null ∧ x≠null ∧ n=1
              ∨ ∃x1,y1,n1. y→node(x1,y1) ∗ Q(x,y1,n1) ∧ y≠null ∧ n=n1+2;
∆2 ≡ ∃x1,y1,n1. y→node(x1,y1) ∗ Q(x,y1,n1) ∧ y≠null ∧ n=n1+2
∆3 ≡ ∃x1,y1,n1,y2. y→node(x1,y1) ∗ x→node(null,y2) ∧ y1=null ∧ x≠null ∧ n1=1 ∧ y≠null ∧ n=n1+2
∆4 ≡ ∃x1,y1,n1,x2,y2,n2. y→node(x1,y1) ∗ y1→node(x2,y2) ∗ Q(x,y2,n2) ∧ y1≠null ∧ n1=n2+2 ∧ y≠null ∧ n=n1+2

1. Base detection: ∆3
2. Over-approximation: π4 ≡ ..... Not UNSAT
3. Cyclic detection: yes

[Figure: unfolding tree T2^Q: ∆0 with children ∆1 and ∆♣2; ∆2 with children ∆3 and ∆♣4 (♣ marks the cyclic pair)]

SLIDE 14

Constructing Cyclic Unfolding Tree

Cyclic detection
∆2 ≡ ∃x1,y1,n1. y→node(x1,y1) ∗ Q(x,y1,n1) ∧ y≠null ∧ n=n1+2
∆4 ≡ ∃x1,y1,n1,x2,y2,n2. y→node(x1,y1) ∗ y1→node(x2,y2) ∗ Q(x,y2,n2) ∧ y1≠null ∧ n1=n2+2 ∧ y≠null ∧ n=n1+2

Steps
1. Matching externally visible points-to predicates: y→node(_,_)
2. Matching externally visible inductive predicates: Q(x,_,_)
   In general, we may need to group isomorphic inductive predicates beforehand (same predicate name and same sequence of free arguments).
3. Matching externally visible (dis)equalities over pointers: y≠null
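As an added worked example (my own code, not from the slides and not the authors' HIP/SLEEK/S2 implementation), the following Python builds the cyclic unfolding tree of slides 10 to 14 for the predicate Q: it unfolds predicate calls, closes base leaves, closes leaves whose over-approximation is refuted by a cheap aliasing check, and detects cycles by matching the externally visible part of a leaf (points-to at free addresses, predicate calls with bound arguments abstracted, pointer (dis)equalities over free variables) against its ancestors. The tuple encoding of formulas, the names `Formula`, `subst`, `unfold`, `visible`, `obviously_unsat`, `build_tree` and `ROOT_Q`, and the fresh-variable naming are assumptions of this example; the second base criterion of slide 10 (all pointer parameters existentially quantified) and the numeric summarisation into Pcyc (slide 17) are not implemented.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Formula:
    """exists. (pts * preds) /\\ pure, in the tuple encoding assumed by this example."""
    exists: tuple   # existentially quantified variable names
    pts: tuple      # points-to atoms: (addr, (field, ...))
    preds: tuple    # inductive predicate calls: (name, (arg, ...))
    pure: tuple     # ("ptr=", a, b) | ("ptr!=", a, b) | ("=", v, expr); expr is int, var or ("+", var, int)


def subst(t, sigma):
    """Apply the simultaneous renaming sigma to a term, an atom or a tuple of atoms."""
    if isinstance(t, str):
        return sigma.get(t, t)
    if isinstance(t, tuple):
        return tuple(subst(u, sigma) for u in t)
    return t  # integer constant


# Predicate Q of slide 11 as two branches over its formal parameters (x, y, n).
DEFS = {"Q": {
    "params": ("x", "y", "n"),
    "branches": (
        Formula(("y1",), (("x", ("null", "y1")),), (),
                (("ptr=", "y", "null"), ("ptr!=", "x", "null"), ("=", "n", 1))),
        Formula(("x1", "y1", "n1"), (("y", ("x1", "y1")),), (("Q", ("x", "y1", "n1")),),
                (("ptr!=", "y", "null"), ("=", "n", ("+", "n1", 2)))),
    )}}


def unfold(f, step):
    """Unfold the first predicate call of f: one child per branch of its definition.
    Bound variables of the branch get fresh names following the slides (y1 -> y<step>)."""
    (name, args), rest = f.preds[0], f.preds[1:]
    d = DEFS[name]
    children = []
    for br in d["branches"]:
        fresh = {v: v.rstrip("0123456789") + str(step) for v in br.exists}
        sigma = {**dict(zip(d["params"], args)), **fresh}
        children.append(Formula(f.exists + tuple(fresh.values()),
                                f.pts + subst(br.pts, sigma),
                                rest + subst(br.preds, sigma),
                                f.pure + subst(br.pure, sigma)))
    return children


def visible(f):
    """Externally visible part compared during cyclic detection (slide 14)."""
    def free(v):
        return v == "null" or v not in f.exists
    pts = frozenset(a for a, _ in f.pts if free(a))
    preds = frozenset((n, tuple(a if free(a) else "_" for a in args)) for n, args in f.preds)
    pure = frozenset(p for p in f.pure if p[0].startswith("ptr") and free(p[1]) and free(p[2]))
    return pts, preds, pure


def obviously_unsat(f):
    """Partial check of the over-approximation (predicate calls replaced by true):
    an address allocated twice, an allocated address equal to null, or two distinct
    allocated addresses equated refute the formula. Equalities are not closed under
    transitivity, so False only means 'not refuted here'."""
    alloc = [a for a, _ in f.pts]
    if len(alloc) != len(set(alloc)):
        return True
    for op, a, b in f.pure:
        if op == "ptr=" and ((a in alloc and b in alloc + ["null"] and a != b)
                             or (b in alloc and a == "null")):
            return True
    return False


def build_tree(root):
    """Depth-first construction of the cyclic unfolding tree (slides 10 to 13).
    Returns the labelled nodes, the base leaves, the leaves closed as unsat and the
    (leaf, ancestor) back links of cyclic leaves."""
    labels = count()
    out = {"nodes": {}, "bases": [], "unsat": [], "cycles": []}

    def visit(f, ancestors, step):
        lab = f"d{next(labels)}"
        out["nodes"][lab] = f
        if not f.preds:                       # base formula: close the leaf
            out["bases"].append(lab)
        elif obviously_unsat(f):              # over-approximation refuted: close
            out["unsat"].append(lab)
        else:
            me = visible(f)
            back = [l for l, vis in ancestors if vis == me]
            if back:                          # circular path to an ancestor
                out["cycles"].append((lab, back[0]))
            else:                             # otherwise unfold
                for child in unfold(f, step):
                    visit(child, ancestors + [(lab, me)], step + 1)

    visit(root, [], 1)
    return out


ROOT_Q = Formula((), (), (("Q", ("x", "y", "n")),), ())   # ∆0 ≡ Q(x,y,n)

if __name__ == "__main__":
    tree = build_tree(ROOT_Q)
    for lab, f in tree["nodes"].items():
        print(lab, f)
    print("bases:", tree["bases"], "cycles:", tree["cycles"])
```

On Q this produces exactly the tree of slide 13: d0 = ∆0 unfolds to the base leaf d1 = ∆1 and to d2 = ∆2, which unfolds to the base leaf d3 = ∆3 and to d4 = ∆4, whose visible part (y→node(_,_), Q(x,_,_), y≠null) matches d2 and closes the cycle. The same `obviously_unsat` check refutes the UNSAT base formula ∆2 of slide 7 and leaves its SAT formula ∆1 open.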

SLIDE 15

Flattening Cyclic Unfolding Tree

[Figure: cyclic unfolding tree T2^Q: ∆0 with children ∆1 and ∆♣2; ∆2 with children ∆3 and ∆♣4]

SLIDE 16

Flattening Cyclic Unfolding Tree

[Figure: cyclic unfolding tree T2^Q (∆0 with children ∆1 and ∆♣2; ∆2 with children ∆3 and ∆♣4), and its infinite unrolling ∆0, ∆1, ∆2, ∆3, ∆4, ∆^1_3, ∆^1_4, ...]

∆flat3 ≡ ∆3 ∨ ∆^1_3 ∨ ...

∆3   ≡ ∃x1,y1,n1,y2. (y→node(x1,y1) ∗ x→node(null,y2) ∧ x≠null ∧ y≠null ∧ n=n1+2) ∧ (y1=null ∧ n1=1)
∆^1_3 ≡ ∃x1,y1,n1,x2,y2,n2,y3. (y→node(x1,y1) ∗ x→node(null,y3) ∧ x≠null ∧ y≠null ∧ n=n1+2) ∗ (y1→node(x2,y2) ∧ y2=null ∧ n1=n2+2 ∧ n2=1)

SLIDE 17

Flattening Cyclic Unfolding Tree

[Figure: cyclic unfolding tree T2^Q: ∆0 with children ∆1 and ∆♣2; ∆2 with children ∆3 and ∆♣4]

Pcyc(n1) ≡ n1=1 ∨ ∃n2. n1=n2+2 ∧ Pcyc(n2)
Pcyc(n1) ≡ ∃k. n1=2k+1 ∧ k≥0

∆b3 is equi-satisfiable to ∆flat3:
∆b3 ≡ ∃x1,y1,x2,y2,n1. (y→node(x1,y1) ∗ x→node(null,y2) ∧ x≠null ∧ y≠null ∧ n=n1+2) ∧ (∃k. n1=2k+1 ∧ k≥0)
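The closed form of Pcyc above, as an added derivation that is not on the slides, obtained by unfolding its definition with the slides' symbols:

$$
\begin{aligned}
P_{cyc}(n_1) &\equiv n_1 = 1 \;\vee\; \exists n_2.\, n_1 = n_2 + 2 \wedge P_{cyc}(n_2) \\
&\equiv n_1 = 1 \;\vee\; n_1 = 3 \;\vee\; \exists n_3.\, n_1 = n_3 + 4 \wedge P_{cyc}(n_3) \\
&\equiv \bigvee_{k \ge 0} n_1 = 2k + 1 \;\equiv\; \exists k.\, n_1 = 2k + 1 \wedge k \ge 0 .
\end{aligned}
$$

Each trip around the cyclic segment ∆2 → ∆4 adds 2 to the counter and the base leaf ∆3 fixes n1 = 1, which gives the step of 2 and the offset of 1. Substituting into ∆b3 yields n = n1 + 2 = 2k + 3 with k ≥ 0, and the spatial part y→node(x1,y1) ∗ x→node(null,y2) with x≠null and y≠null is satisfied by two distinct cells, so ∆b3 (and hence ∆flat3) is SAT; its smallest model, k = 0, is a model of Q(x,y,3).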

SLIDE 18

Flattening Cyclic Unfolding Tree

[Figure: cyclic unfolding tree T2^Q (∆0 with children ∆1 and ∆♣2; ∆2 with children ∆3 and ∆♣4) ⇒ flattened tree: ∆0 with children ∆1 and ∆b3]

baseP(Q(x,y,n)) ≡ {∆1, ∆b3}

SLIDE 19

Proposed Decidable Fragment

An inductive predicate is in the proposed decidable fragment if all
  • numerical projections of base leaves, and
  • Pcyc predicates
are Presburger-definable (i.e., can be computed as Presburger formulas).

Some systems of arithmetic inductive predicates are Presburger-definable:
  • DPI (Tatsuta et al., APLAS 2016)
  • periodic sets (Bozga et al., CAV 2010)

SLIDE 20

More in the paper

Correctness, termination, complexity
  • Correctness of cyclic proofs (Le et al., CAV 2016)

Implementation and evaluation
  • Based on HIP/SLEEK/S2 (Chin et al., SCP 2012)
  • Equi-satisfiable bases (sll, dll, even lists, ..)
  • Over-approximated/under-approximated bases (avl, rb, ..)

SLIDE 21

Conclusion

A decision procedure for an extensible decidable fragment in separation logic including general inductive predicates and arithmetic.

Base computation:
  • Construct the unfolding tree [Figure: nodes ∆0, ∆11, ∆⋆12, ∆21, ∆22, ∆31, ∆⋆32]
  • Flatten the unfolding tree [Figure: nodes ∆0, ∆11, ∆b31, ∆21, ∆22]

baseP(P(v̄)) ≡ {∆21, ∆b31}
