biabduction and related problems in array separation logic
play

Biabduction (and Related Problems) in Array Separation Logic James - PowerPoint PPT Presentation

Nov 23, 2022 •221 likes •1.14k views

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

  1. Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19

  2. Compositional proofs in separation logic (1) • Separation logic is based on Hoare triples { A } C { B } , where C is a program and A , B are formulas. 2/ 19

  3. Compositional proofs in separation logic (1) • Separation logic is based on Hoare triples { A } C { B } , where C is a program and A , B are formulas. • Its compositional nature, the key to scalable analysis, is supported by two main pillars. 2/ 19

  4. Compositional proofs in separation logic (1) • Separation logic is based on Hoare triples { A } C { B } , where C is a program and A , B are formulas. • Its compositional nature, the key to scalable analysis, is supported by two main pillars. • The first pillar is the soundness of the following frame rule: { A } C { B } (Frame) { A ∗ F } C { B ∗ F } where the separating conjunction ∗ is read, intuitively, as “and separately in memory” . 2/ 19

  5. Compositional proofs in separation logic (2) • The second pillar is given by solving the biabduction problem: 3/ 19

  6. Compositional proofs in separation logic (2) • The second pillar is given by solving the biabduction problem: given formulas A and B , find formulas X , Y with A ∗ X | = B ∗ Y , and A ∗ X is satisfiable. 3/ 19

  7. Compositional proofs in separation logic (2) • The second pillar is given by solving the biabduction problem: given formulas A and B , find formulas X , Y with A ∗ X | = B ∗ Y , and A ∗ X is satisfiable. • Then, if we have { A ′ } C 1 { A } and { B } C 2 { B ′ } , we can infer a spec for C 1 ; C 2 : 3/ 19

  8. Compositional proofs in separation logic (2) • The second pillar is given by solving the biabduction problem: given formulas A and B , find formulas X , Y with A ∗ X | = B ∗ Y , and A ∗ X is satisfiable. • Then, if we have { A ′ } C 1 { A } and { B } C 2 { B ′ } , we can infer a spec for C 1 ; C 2 : { A ′ } C 1 { A } (Frame) { A ′ ∗ X } C 1 { A ∗ X } { B } C 2 { B ′ } ( | =) (Frame) { A ′ ∗ X } C 1 { B ∗ Y } { B ∗ Y } C 2 { B ′ ∗ Y } (;) { A ′ ∗ X } C 1 ; C 2 { B ′ ∗ Y } 3/ 19

  9. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F 4/ 19

  10. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F • t 1 �→ t 2 (“points-to”) denotes a pointer in the heap. 4/ 19

  11. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F • t 1 �→ t 2 (“points-to”) denotes a pointer in the heap. • ls( t 1 , t 2 ) denotes a linked list segment in the heap. 4/ 19

  12. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F • t 1 �→ t 2 (“points-to”) denotes a pointer in the heap. • ls( t 1 , t 2 ) denotes a linked list segment in the heap. • ∗ (“and separately”) demarks domain-disjoint heaps. 4/ 19

  13. Symbolic-heap separation logic • Terms t , pure formulas Π and spatial formulas F given by: ::= x ∈ Var | nil t Π ::= t = t | t � = t | Π ∧ Π ::= emp | t �→ t | ls( t , t ) | F ∗ F F • t 1 �→ t 2 (“points-to”) denotes a pointer in the heap. • ls( t 1 , t 2 ) denotes a linked list segment in the heap. • ∗ (“and separately”) demarks domain-disjoint heaps. • Symbolic heaps given by ∃ x . Π : F . 4/ 19

  14. Array separation logic, ASL • Here we focus on a different data structure, namely arrays. 5/ 19

  15. Array separation logic, ASL • Here we focus on a different data structure, namely arrays. • Terms t , pure formulas Π and spatial formulas F given by: t ::= x ∈ Var | n ∈ N | t + t Π ::= t = t | t � = t | t ≤ t | t < t | Π ∧ Π F ::= emp | t �→ t | array( t , t ) | F ∗ F 5/ 19

  16. Array separation logic, ASL • Here we focus on a different data structure, namely arrays. • Terms t , pure formulas Π and spatial formulas F given by: t ::= x ∈ Var | n ∈ N | t + t Π ::= t = t | t � = t | t ≤ t | t < t | Π ∧ Π F ::= emp | t �→ t | array( t , t ) | F ∗ F • array( t 1 , t 2 ) denotes an array from t 1 to t 2 (inclusive): t 2 − t 1 +1 � �� � · · · . . . · · · t 1 t 2 5/ 19

  17. Array separation logic, ASL • Here we focus on a different data structure, namely arrays. • Terms t , pure formulas Π and spatial formulas F given by: t ::= x ∈ Var | n ∈ N | t + t Π ::= t = t | t � = t | t ≤ t | t < t | Π ∧ Π F ::= emp | t �→ t | array( t , t ) | F ∗ F • array( t 1 , t 2 ) denotes an array from t 1 to t 2 (inclusive): t 2 − t 1 +1 � �� � · · · . . . · · · t 1 t 2 • We also allow linear arithmetic in the pure part. 5/ 19

  18. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. 6/ 19

  19. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 6/ 19

  20. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 s , h | = emp ⇔ h = e s , h | = t 1 �→ t 2 ⇔ dom ( h ) = { s ( t 1 ) } and h ( s ( t 1 )) = s ( t 2 ) 6/ 19

  21. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 s , h | = emp ⇔ h = e s , h | = t 1 �→ t 2 ⇔ dom ( h ) = { s ( t 1 ) } and h ( s ( t 1 )) = s ( t 2 ) s , h | = array( t 1 , t 2 ) ⇔ s ( t 1 ) ≤ s ( t 2 ) and dom ( h ) = { s ( t 1 ) , . . . , s ( t 2 ) } 6/ 19

  22. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 s , h | = emp ⇔ h = e s , h | = t 1 �→ t 2 ⇔ dom ( h ) = { s ( t 1 ) } and h ( s ( t 1 )) = s ( t 2 ) s , h | = array( t 1 , t 2 ) ⇔ s ( t 1 ) ≤ s ( t 2 ) and dom ( h ) = { s ( t 1 ) , . . . , s ( t 2 ) } s , h | = F 1 ∗ F 2 ⇔ h = h 1 ◦ h 2 and s , h 1 | = F 1 and s , h 2 | = F 2 6/ 19

  23. Semantics of ASL • Stacks are s : Var → Val; heaps are h : Loc ⇀ fin Val; ◦ is union of domain-disjoint heaps; e is the empty heap. • Forcing relation s , h | = A given by s , h | = t 1 ∼ t 2 ⇔ s ( t 1 ) ∼ s ( t 2 ) ( ∼ ∈ { = , � = , <, ≤} ) s , h | = Π 1 ∧ Π 2 ⇔ s , h | = Π 1 and s , h | = Π 2 s , h | = emp ⇔ h = e s , h | = t 1 �→ t 2 ⇔ dom ( h ) = { s ( t 1 ) } and h ( s ( t 1 )) = s ( t 2 ) s , h | = array( t 1 , t 2 ) ⇔ s ( t 1 ) ≤ s ( t 2 ) and dom ( h ) = { s ( t 1 ) , . . . , s ( t 2 ) } s , h | = F 1 ∗ F 2 ⇔ h = h 1 ◦ h 2 and s , h 1 | = F 1 and s , h 2 | = F 2 s , h | = ∃ z . Π : F ⇔ ∃ v . s [ z �→ v ] , h | = Π and s [ z �→ v ] , h | = F 6/ 19

  24. Motivating example Suppose we have procedure foo with spec { array( c , d ) } foo ( c , d ) { Q } 7/ 19

  25. Motivating example Suppose we have procedure foo with spec { array( c , d ) } foo ( c , d ) { Q } Now, consider code C ; foo ( c , d ); . . . , with spec for C { emp } C { array( a , b ) } 7/ 19

  26. Motivating example Suppose we have procedure foo with spec { array( c , d ) } foo ( c , d ) { Q } Now, consider code C ; foo ( c , d ); . . . , with spec for C { emp } C { array( a , b ) } By solving the biabduction problem array( a , b ) ∗ X | = array( c , d ) ∗ Y we get a valid spec { X } C ; foo ( c , d ) { Q ∗ Y } . 7/ 19

  27. Motivating example Suppose we have procedure foo with spec { array( c , d ) } foo ( c , d ) { Q } Now, consider code C ; foo ( c , d ); . . . , with spec for C { emp } C { array( a , b ) } By solving the biabduction problem array( a , b ) ∗ X | = array( c , d ) ∗ Y we get a valid spec { X } C ; foo ( c , d ) { Q ∗ Y } . Spatially minimal, and incomparable, solutions include: X := a = c ∧ b = d : emp and Y := emp X := d < a : array( c , d ) and Y := array( a , b ) X := a < c ∧ b < d : emp and Y := array( a , c − 1) ∗ array( b + 1 , d ) X := a < c < b < d : array( b + 1 , d ) and Y := array( a , c − 1) 7/ 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Logic Summer School, ANU, 7 December 2015 1/ 19

789 views • 63 slides
Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St January 14, 2020 1 LSV, CNRS, ENS Paris-Saclay 2 I3S, Universit e C ote dAzur Separation Logic 99 Logic of Bunched Implication ( BI ) [P.

310 views • 27 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max Kanovich 2 1 Imperial College London 2 Queen Mary University of London LICS-25, University of Edinburgh, 12 July 2010 Separation logic (Reynolds,

1.11k views • 31 slides
Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri CNRS Marie Curie Fellow Yorktown Heights, March 2015 In Memoriam: Morgan Deters 2 Overview Separation Logic in a Nutshell 1 2 Expressive

915 views • 55 slides
Field Programmable Gate Array - What is it? 2D array of logic blocks surrounded by a

Field Programmable Gate Array - What is it? 2D array of logic blocks surrounded by a

Field Programmable Gate Array - What is it? 2D array of logic blocks surrounded by a interconnection matrix and I/O Fundamental Structure Altera Cyclone IV Programmable, but not in the usual sense Programmed with a bit file loaded into

850 views • 5 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Oracle Labs, Brisbane, 4 December 2015 1/ 19

291 views • 27 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa,

Reasoning over Permissions Regions in Concurrent Separation Logic James Brotherston, Diana Costa, Aquinas Hobor and John Wickerson IRIS Day OScience, Coronavirus Lockdown Edition Tuesday 7th April, 2020 1/ 13 Concurrent separation logic (

164 views • 13 slides
On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18

On Temporal and Separation Logics St ephane Demri CNRS, LSV, ENS Paris-Saclay TIME18 Warsaw, October 2018 The blossom of separation logics Separation logic: extension of Hoare-Floyd logic for (concurrent) programs with mutable data

642 views • 48 slides
Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics

Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics

Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics Group Dept. of Comp. Science, Aarhus University (Joint work with J. Bengtson, J.B. Jensen, H. Mehnert, P . Sestoft, F . Sieczkowski) April 2013

499 views • 34 slides
Forbidden local bases David Milovich Texas A&amp;M International University

Forbidden local bases David Milovich Texas A&amp;M International University

Forbidden local bases David Milovich Texas A&amp;M International University david.milovich@tamiu.edu http://www.tamiu.edu/ dmilovich/ March 31, 2012 ASL Annual North American Meeting Madison, WI 1 / 12 Basic terminology Convention:

478 views • 12 slides
Provenance -Only Integration Ashish Gehani Dawood Tariq SRI Provenance -Only Integration p.

Provenance -Only Integration Ashish Gehani Dawood Tariq SRI Provenance -Only Integration p.

Provenance -Only Integration Ashish Gehani Dawood Tariq SRI Provenance -Only Integration p. 1/13 Integration Challenges Metadata variation: Abstraction levels Completeness Identifiers Semantics Querying requires: Record assembly

683 views • 13 slides
with HAWC J. Patrick Harding 8/1/17 Operated by Los Alamos National Security, LLC for

with HAWC J. Patrick Harding 8/1/17 Operated by Los Alamos National Security, LLC for

Los Alamos National Laboratory Searching for Dark Matter with HAWC J. Patrick Harding 8/1/17 Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA Los Alamos National Laboratory The High Altitude

482 views • 22 slides
Scott Ranks of Models of a Theory Matthew Harrison-Trainor University of California, Berkeley

Scott Ranks of Models of a Theory Matthew Harrison-Trainor University of California, Berkeley

Scott Ranks of Models of a Theory Matthew Harrison-Trainor University of California, Berkeley ASL North American Meeting, Storrs, May 2016 L 1 theories L 1 is the infinitary logic which allows countable conjunctions and disjunctions.

360 views • 14 slides
www.scvemc.org Title : The Lightning Phenomenon Guest Speaker : Marcos Rubinstein (DL) Abstract:

www.scvemc.org Title : The Lightning Phenomenon Guest Speaker : Marcos Rubinstein (DL) Abstract:

www.scvemc.org Title : The Lightning Phenomenon Guest Speaker : Marcos Rubinstein (DL) Abstract: Lightning is one of the primary causes of damage and malfunction of telecommunication and power networks and one of the leading causes of

982 views • 60 slides
Conference of Interpreter Trainers Business Mee3ng October 31,

Conference of Interpreter Trainers Business Mee3ng October 31,

Conference of Interpreter Trainers Business Mee3ng October 31, 2014 CIT Memorium Doug Bahl Dr. Nathie Maybury Nathie Marbury Dianne Nemitz Dianne Nemitz

666 views • 25 slides
Functional modularity in the lambda calculus Chung-chieh Shan Cornell University 28 December

Functional modularity in the lambda calculus Chung-chieh Shan Cornell University 28 December

Functional modularity in the lambda calculus Chung-chieh Shan Cornell University 28 December 2011 1/14 2/14 IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, MARCH 1976 8 place system generators. Since these methods are applied in evaluating program

744 views • 33 slides
Reducing Dynamic Compilation Latency Igor Bhm P rocessor A utomated S ynthesis by i T erative A

Reducing Dynamic Compilation Latency Igor Bhm P rocessor A utomated S ynthesis by i T erative A

LLVM12 - European Conference, London Reducing Dynamic Compilation Latency Igor Bhm P rocessor A utomated S ynthesis by i T erative A nalysis The U niversity o f E dinburgh LLVM12 - European Conference, London Concurrent and Parallel

1.32k views • 81 slides

More recommend