an introduction to separation logic
play

An introduction to separation logic James Brotherston Programming - PowerPoint PPT Presentation

May 08, 2023 •151 likes •789 views

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Logic Summer School, ANU, 7 December 2015 1/ 19

  1. An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Logic Summer School, ANU, 7 December 2015 1/ 19

  2. Introduction Verification of imperative programs is classically based on Hoare triples: { P } C { Q } where C is a program and P, Q are assertions in some logical language. 2/ 19

  3. Introduction Verification of imperative programs is classically based on Hoare triples: { P } C { Q } where C is a program and P, Q are assertions in some logical language. These are read, roughly speaking, as for any state σ satisfying P , if C transforms state σ to σ ′ , then σ ′ satisfies Q . 2/ 19

  4. Introduction Verification of imperative programs is classically based on Hoare triples: { P } C { Q } where C is a program and P, Q are assertions in some logical language. These are read, roughly speaking, as for any state σ satisfying P , if C transforms state σ to σ ′ , then σ ′ satisfies Q . (with some wriggle room allowing us to deal with faulting or non-termination in various ways.) 2/ 19

  5. Hoare-style verification A Hoare-style program logic therefore relies on three main components: 3/ 19

  6. Hoare-style verification A Hoare-style program logic therefore relies on three main components: 1. a language of programs, and an operational semantics explaining how they transform states; 3/ 19

  7. Hoare-style verification A Hoare-style program logic therefore relies on three main components: 1. a language of programs, and an operational semantics explaining how they transform states; 2. a language of logical assertions, and a semantics explaining how to read them as true or false in a particular state; 3/ 19

  8. Hoare-style verification A Hoare-style program logic therefore relies on three main components: 1. a language of programs, and an operational semantics explaining how they transform states; 2. a language of logical assertions, and a semantics explaining how to read them as true or false in a particular state; 3. a formal interpretation of Hoare triples, together with (sound) proof rules for manipulating them. 3/ 19

  9. Hoare-style verification A Hoare-style program logic therefore relies on three main components: 1. a language of programs, and an operational semantics explaining how they transform states; 2. a language of logical assertions, and a semantics explaining how to read them as true or false in a particular state; 3. a formal interpretation of Hoare triples, together with (sound) proof rules for manipulating them. We’ll look at these informally first, then introduce a little more formal detail. 3/ 19

  10. Programs, informally We consider a standard while language with pointers, memory (de)allocation and recursive procedures. 4/ 19

  11. Programs, informally We consider a standard while language with pointers, memory (de)allocation and recursive procedures.E.g.: deltree(*x) { if x=nil then return; else { l,r := x.left,x.right; deltree(l); deltree(r); free(x); } } 4/ 19

  12. Assertions, informally Our assertion language lets us describe heap data structures such as linked lists and trees. 5/ 19

  13. Assertions, informally Our assertion language lets us describe heap data structures such as linked lists and trees. E.g., binary trees with root pointer x can be defined by: x = nil : emp ⇒ tree ( x ) x � = nil : x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) ⇒ tree ( x ) 5/ 19

  14. Assertions, informally Our assertion language lets us describe heap data structures such as linked lists and trees. E.g., binary trees with root pointer x can be defined by: x = nil : emp ⇒ tree ( x ) x � = nil : x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) ⇒ tree ( x ) where • emp denotes the empty heap; 5/ 19

  15. Assertions, informally Our assertion language lets us describe heap data structures such as linked lists and trees. E.g., binary trees with root pointer x can be defined by: x = nil : emp ⇒ tree ( x ) x � = nil : x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) ⇒ tree ( x ) where • emp denotes the empty heap; • x �→ ( y, z ) denotes a single pointer to a pair of data cells; 5/ 19

  16. Assertions, informally Our assertion language lets us describe heap data structures such as linked lists and trees. E.g., binary trees with root pointer x can be defined by: x = nil : emp ⇒ tree ( x ) x � = nil : x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) ⇒ tree ( x ) where • emp denotes the empty heap; • x �→ ( y, z ) denotes a single pointer to a pair of data cells; • ∗ means “and separately in memory”. 5/ 19

  17. An example proof deltree(*x) { if x=nil then return; else { l,r := x.left,x.right; deltree(l); deltree(r); free(x); } } 6/ 19

  18. An example proof { tree ( x ) } deltree(*x) { if x=nil then return; else { l,r := x.left,x.right; deltree(l); deltree(r); free(x); } } { emp } 6/ 19

  19. An example proof { tree ( x ) } deltree(*x) { if x=nil then return; { emp } else { l,r := x.left,x.right; deltree(l); deltree(r); free(x); } } { emp } 6/ 19

  20. An example proof { tree ( x ) } deltree(*x) { if x=nil then return; { emp } else { { x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) } l,r := x.left,x.right; deltree(l); deltree(r); free(x); } } { emp } 6/ 19

  21. An example proof { tree ( x ) } deltree(*x) { if x=nil then return; { emp } else { { x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) } l,r := x.left,x.right; { x �→ ( l, r ) ∗ tree ( l ) ∗ tree ( r ) } deltree(l); deltree(r); free(x); } } { emp } 6/ 19

  22. An example proof { tree ( x ) } deltree(*x) { if x=nil then return; { emp } else { { x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) } l,r := x.left,x.right; { x �→ ( l, r ) ∗ tree ( l ) ∗ tree ( r ) } deltree(l); { x �→ ( l, r ) ∗ emp ∗ tree ( r ) } deltree(r); free(x); } } { emp } 6/ 19

  23. An example proof { tree ( x ) } deltree(*x) { if x=nil then return; { emp } else { { x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) } l,r := x.left,x.right; { x �→ ( l, r ) ∗ tree ( l ) ∗ tree ( r ) } deltree(l); { x �→ ( l, r ) ∗ emp ∗ tree ( r ) } deltree(r); { x �→ ( l, r ) ∗ emp ∗ emp } free(x); } } { emp } 6/ 19

  24. An example proof { tree ( x ) } deltree(*x) { if x=nil then return; { emp } else { { x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) } l,r := x.left,x.right; { x �→ ( l, r ) ∗ tree ( l ) ∗ tree ( r ) } deltree(l); { x �→ ( l, r ) ∗ emp ∗ tree ( r ) } deltree(r); { x �→ ( l, r ) ∗ emp ∗ emp } free(x); { emp ∗ emp ∗ emp } } } { emp } 6/ 19

  25. An example proof { tree ( x ) } deltree(*x) { if x=nil then return; { emp } else { { x �→ ( y, z ) ∗ tree ( y ) ∗ tree ( z ) } l,r := x.left,x.right; { x �→ ( l, r ) ∗ tree ( l ) ∗ tree ( r ) } deltree(l); { x �→ ( l, r ) ∗ emp ∗ tree ( r ) } deltree(r); { x �→ ( l, r ) ∗ emp ∗ emp } free(x); { emp ∗ emp ∗ emp } } { emp } } { emp } 6/ 19

  26. Frame property Consider the following step in the previous example: { x �→ ( l, r ) ∗ tree ( l ) ∗ tree ( r ) } deltree(l) { x �→ ( l, r ) ∗ emp ∗ tree ( r ) } 7/ 19

  27. Frame property Consider the following step in the previous example: { x �→ ( l, r ) ∗ tree ( l ) ∗ tree ( r ) } deltree(l) { x �→ ( l, r ) ∗ emp ∗ tree ( r ) } Implicitly, this relies on a framing property, namely: { tree ( l ) } deltree(l) { emp } { x �→ ( l, r ) ∗ tree ( l ) ∗ tree ( r ) } deltree(l) { x �→ ( l, r ) ∗ emp ∗ tree ( r ) } 7/ 19

  28. Classical failure of frame rule The so-called frame rule, { P } C { Q } { F ∧ P } C { F ∧ Q } is well known to fail in standard Hoare logic. 8/ 19

  29. Classical failure of frame rule The so-called frame rule, { P } C { Q } { F ∧ P } C { F ∧ Q } is well known to fail in standard Hoare logic.E.g., { x = 0 } x := 2 { x = 2 } { y = 0 ∧ x = 0 } x := 2 { y = 0 ∧ x = 2 } is not valid (because y could alias x ). 8/ 19

  30. Classical failure of frame rule The so-called frame rule, { P } C { Q } { F ∧ P } C { F ∧ Q } is well known to fail in standard Hoare logic.E.g., { x = 0 } x := 2 { x = 2 } { y = 0 ∧ x = 0 } x := 2 { y = 0 ∧ x = 2 } is not valid (because y could alias x ). As we’ll see, using the “separating conjunction” ∗ instead of ∧ will however give us a valid frame rule. 8/ 19

  31. Heap memory model • We assume an infinite set Val of values of which an infinite subset Loc ⊂ Val are allocable locations; nil is a non-allocable value. 9/ 19

  32. Heap memory model • We assume an infinite set Val of values of which an infinite subset Loc ⊂ Val are allocable locations; nil is a non-allocable value. • Stacks map variables to values, s : Var → Val . 9/ 19

  33. Heap memory model • We assume an infinite set Val of values of which an infinite subset Loc ⊂ Val are allocable locations; nil is a non-allocable value. • Stacks map variables to values, s : Var → Val . • Heaps map finitely many locations to values, h : Loc ⇀ fin Val . We write e for the empty heap (undefined on all locations). 9/ 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Oracle Labs, Brisbane, 4 December 2015 1/ 19

291 views • 27 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction In the previous lectures, we have considered a language, WHILE , where mutability only concerned program

734 views • 57 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St January 14, 2020 1 LSV, CNRS, ENS Paris-Saclay 2 I3S, Universit e C ote dAzur Separation Logic 99 Logic of Bunched Implication ( BI ) [P.

310 views • 27 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max Kanovich 2 1 Imperial College London 2 Queen Mary University of London LICS-25, University of Edinburgh, 12 July 2010 Separation logic (Reynolds,

1.11k views • 31 slides
Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

1.14k views • 91 slides
Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri CNRS Marie Curie Fellow Yorktown Heights, March 2015 In Memoriam: Morgan Deters 2 Overview Separation Logic in a Nutshell 1 2 Expressive

915 views • 55 slides
Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that

Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that

Introduction Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that Separation Logic is based on. This lecture will Kasper Svendsen University of Cambridge introduce a formal proof system for Separation

740 views • 10 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa, Aquinas Hobor and John Wickerson IRIS Day OScience, Coronavirus Lockdown Edition Tuesday 7th April, 2020 1/ 13 Concurrent separation logic (

164 views • 13 slides
On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18 Warsaw, October 2018 The blossom of separation logics Separation logic: extension of Hoare-Floyd logic for (concurrent) programs with mutable data

642 views • 48 slides
Nested and Composite Classes Lecture 14 COP 3252 Summer 2017 May 30, 2017 Nested Classes

Nested and Composite Classes Lecture 14 COP 3252 Summer 2017 May 30, 2017 Nested Classes

Nested and Composite Classes Lecture 14 COP 3252 Summer 2017 May 30, 2017 Nested Classes The Java programming language allows you to define a class within another class. Such a class is called a nested class. Nested classes are divided

587 views • 6 slides
Clustering compositional data trajectories F. Greco , F. Bruno Dipartimento di Scienze Statistiche

Clustering compositional data trajectories F. Greco , F. Bruno Dipartimento di Scienze Statistiche

Clustering compositional data trajectories F. Greco , F. Bruno Dipartimento di Scienze Statistiche Universit di Bologna Outline We deal with trajectories of compositional data, that is with sequences of composition measurements in domains.

479 views • 33 slides
On Two Composition Operator in Dempster-Shafer Theory Radim Jirou sek Faculty of Management,

On Two Composition Operator in Dempster-Shafer Theory Radim Jirou sek Faculty of Management,

On Two Composition Operator in Dempster-Shafer Theory Radim Jirou sek Faculty of Management, Jind rich uv Hradec, Czech Republic & Institute of Information Theory and Automation Czech Academy of Sciences, Prague ISIPTA 2015

674 views • 30 slides
Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work

Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work

Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work with Viorel Preoteasa 1 and Stavros Tripakis 1 , 2 1 Aalto University, Finland 2 UC Berkeley, USA Hierarchical block diagrams Consist of: atomic

556 views • 45 slides
Introduction to Predicate Logic Ling324 Reading: Meaning and Grammar , pg. 113-141 Usefulness of

Introduction to Predicate Logic Ling324 Reading: Meaning and Grammar , pg. 113-141 Usefulness of

Introduction to Predicate Logic Ling324 Reading: Meaning and Grammar , pg. 113-141 Usefulness of Predicate Logic for Natural Language Semantics While in propositional logic, we can only talk about sentences as a whole, predicate logic allows

1.1k views • 27 slides
Compositional Methods Alex Rabinovich Department of Computer Science Tel-Aviv University

Compositional Methods Alex Rabinovich Department of Computer Science Tel-Aviv University

Compositional Methods Alex Rabinovich Department of Computer Science Tel-Aviv University p.1/30 Composition Theorem s Composition Theorems are tools which reduce sentences about some compound structures to sentences about their parts.

771 views • 74 slides
CSCI 5832 Natural Language Processing Lecture 21 Jim Martin 4/24/07 CSCI 5832 Spring 2007 1

CSCI 5832 Natural Language Processing Lecture 21 Jim Martin 4/24/07 CSCI 5832 Spring 2007 1

CSCI 5832 Natural Language Processing Lecture 21 Jim Martin 4/24/07 CSCI 5832 Spring 2007 1 Today: 4/10 Compositional Semantics Syntax-driven methods of assigning semantics to sentences 4/24/07 CSCI 5832 Spring 2007 2 1 Meaning

615 views • 26 slides
Compositional Transfinite Semantics of While Hrmel Nestra Institute of Computer Science

Compositional Transfinite Semantics of While Hrmel Nestra Institute of Computer Science

1 Compositional Transfinite Semantics of While Hrmel Nestra Institute of Computer Science University of Tartu e-mail: harmel.nestra@ut.ee 2 1 Motivation: Semantic Anomaly of Program Slicing Motivation: Semantic Anomaly of Program Slicing

511 views • 33 slides

More recommend