program proofs in hybrid separation logic
play

Program Proofs in Hybrid Separation Logic Armal Guneau & Jules - PowerPoint PPT Presentation

Sep 03, 2022 •467 likes •985 views

I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION Program Proofs in Hybrid Separation Logic Armal Guneau & Jules Villard Imperial College of London & ENS Lyon 4th

  1. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION Program Proofs in Hybrid Separation Logic Armaël Guéneau & Jules Villard Imperial College of London & ENS Lyon 4th September 2014 Armaël Guéneau Program Proofs in Hybrid Separation Logic 1/31

  2. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION I NTRODUCTION General field of study: imperative programs verification. § We want to prove specifications, as Hoare triples: t P u c t Q u § We are also interested in memory safety An existing framework: Separation logic § Assertions P , Q describe memory heaps § An additional inference rule for triples § Proving a specification requires memory safety Armaël Guéneau Program Proofs in Hybrid Separation Logic 2/31

  3. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION O UTLINE OF THIS TALK § Let’s play with separation logic: a motivational example § Introducing hybrid separation logic § Can we do nicer proofs of our example using it? § Can we automate these proofs? Armaël Guéneau Program Proofs in Hybrid Separation Logic 3/31

  4. A MOTIVATIONAL EXAMPLE : copytree

  5. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] struct tree { tree* copytree(tree* x) { int val; if (x == NULL) tree* l; return x; tree* r; }; tree* l’ = copytree(x->l); tree* r’ = copytree(x->r); tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; What specification for return x’; copytree? } Armaël Guéneau Program Proofs in Hybrid Separation Logic 5/31

  6. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] A FIRST SPECIFICATION Separating conjunction ô P 1 › P 2 P 1 P 2 t tree x u x’ = copytree(x) t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 6/31

  7. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] A FIRST SPECIFICATION x ÞÑ a , b , c : emp : the empty heap ” pD l , r : x ÞÑ val , l , r › tree l › tree r q tree x _p x = 0 ^ emp q Armaël Guéneau Program Proofs in Hybrid Separation Logic 7/31

  8. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; tree* l’ = copytree(x->l); tree* r’ = copytree(x->r); tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  9. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; // t x ÞÑ val , l , r › tree l › tree r u tree* l’ = copytree(x->l); // t x ÞÑ val , l , r › tree l › tree r › tree l 1 u t P u c t Q u tree* r’ = copytree(x->r); Frame t P › R u c t Q › R u tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  10. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; // t x ÞÑ val , l , r › tree l › tree r u // � t tree l u tree* l’ = copytree(x->l); // � t tree l › tree l 1 u // t x ÞÑ val , l , r › tree l › tree r › tree l 1 u t P u c t Q u tree* r’ = copytree(x->r); Frame t P › R u c t Q › R u tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  11. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; // t x ÞÑ val , l , r › tree l › tree r u // � t tree l u tree* l’ = copytree(x->l); // � t tree l › tree l 1 u // t x ÞÑ val , l , r › tree l › tree r › tree l 1 u tree* r’ = copytree(x->r); // t x ÞÑ val , l , r › tree l › tree r › tree l 1 › tree r 1 u tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  12. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION // t tree x u tree* copytree(tree* x) { if (x == NULL) return x; // t x ÞÑ val , l , r › tree l › tree r u // � t tree l u tree* l’ = copytree(x->l); // � t tree l › tree l 1 u // t x ÞÑ val , l , r › tree l › tree r › tree l 1 u tree* r’ = copytree(x->r); // t x ÞÑ val , l , r › tree l › tree r › tree l 1 › tree r 1 u tree* x’ = malloc(sizeof(tree )); x’->l = l’; x’->r = r’; x’->val = x->val; // t x ÞÑ val , l , r › tree l › tree r › x 1 ÞÑ val , l 1 , r 1 › tree l 1 › tree r 1 u return x’; } // t tree x › tree x 1 u Armaël Guéneau Program Proofs in Hybrid Separation Logic 8/31

  13. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] In fact, copytree also works on dags (directed acyclic graphs). dag x ” D l , r : x ÞÑ val , l , r › p dag l ?? dag r q _p x = 0 ^ emp q Armaël Guéneau Program Proofs in Hybrid Separation Logic 9/31

  14. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] T ALKING ABOUT OVERLAPPING HEAPS Overlapping conjunction P 1 ô P 1 Y › P 2 P 2 Armaël Guéneau Program Proofs in Hybrid Separation Logic 10/31

  15. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] W HAT DEFINITION OF dag x ? dag x ” D l , r : x ÞÑ val , l , r › p dag l Y › dag r q _p x = 0 ^ emp q Armaël Guéneau Program Proofs in Hybrid Separation Logic 11/31

  16. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] t dag x u x’ = copytree(x) t dag x › tree x 1 u We cannot prove this specification. // t x ÞÑ val , l , r › p dag l Y › dag r qu tree* l’ = copytree(x->l); › dag r q › tree l 1 u // t x ÞÑ val , l , r › p dag l Y Armaël Guéneau Program Proofs in Hybrid Separation Logic 12/31

  17. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] t dag x u x’ = copytree(x) t dag x › tree x 1 u We cannot prove this specification. // t x ÞÑ val , l , r › p dag l Y › dag r qu // � t dag l u tree* l’ = copytree(x->l); // � t dag l › tree l 1 u › dag r q › tree l 1 u // t x ÞÑ val , l , r › p dag l Y Armaël Guéneau Program Proofs in Hybrid Separation Logic 12/31

  18. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] Solution idea from Reynolds [Rey02]: use an assertion variable that implicitly quantifies over properties on the heap. t p ^ dag τ x u x’ Ð copytree(x) t p › tree τ x u § Has a taste of second-order logic § Overkill? Armaël Guéneau Program Proofs in Hybrid Separation Logic 13/31

  19. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE [R EY 02] Solution from Hobor & Villard [HobVill13]: § Very precise dag predicate (parametrized by a mathematical view of the dag) § Prove functional correctness § Ramification instead of frame rule + heavy semantic proofs Armaël Guéneau Program Proofs in Hybrid Separation Logic 14/31

  20. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION T HE copytree EXAMPLE Automated reasoning requires a much simpler reasoning. To talk about preserving parts of the heap, we can use labels ! (think heap variables ) Armaël Guéneau Program Proofs in Hybrid Separation Logic 15/31

  21. H YBRID S EPARATION L OGIC : SEPARATION LOGIC + LABELS

  22. I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION I NTRODUCING THE HYBRID SEPARATION LOGIC Separation logic: defines the interpretation of ^ , _ , ñ , › , − − › , ... Hybrid separation logic: separation logic + ℓ ( heap variables or labels ) + @ ℓ A ( @ -modality) + D -quantifiers on labels ρ : valuation: Labels á Heaps h | ù ρ ℓ ô h = ρ p ℓ q h | ù ρ @ ℓ A ô ρ p ℓ q | ù ρ A h | ù ρ D ℓ : A ô exists h ℓ heap st. h | ù ρ r ℓ Ñ h ℓ s A Armaël Guéneau Program Proofs in Hybrid Separation Logic 17/31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat

Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat

Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat 2 , and Cristiano Calcagno 1 1 Imperial College, London 2 Middlesex University, London Me 10 January, 2008 Overview We give a new method for

373 views • 11 slides
Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of

Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of

Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of Technology, The Netherlands February 5, 2019 @ Vrije Universiteit, Amsterdam, The Netherlands 1 Tactic-style proofs (as in LCF/Coq/HOL/ etc. ) have shown to

978 views • 97 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

710 views • 49 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

1.55k views • 141 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands October 9, 2018 @ Types Meeting, Aarhus, Denmark 1 MoSeL is joint work with Jacques-Henri

1.14k views • 98 slides
Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and James Brotherston University College London TAPAS, Edinburgh, Wednesday 7 th September 2016 Automatically Proving Termination: Challenges proc

815 views • 57 slides
Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe,

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe,

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe, University of Kent, Canterbury James Brotherston, University College London CPP, Paris, France Monday 16 th January 2017 Automatically Proving

741 views • 70 slides
Parametric completeness for separation theories (via hybrid logic) James Brotherston University

Parametric completeness for separation theories (via hybrid logic) James Brotherston University

Parametric completeness for separation theories (via hybrid logic) James Brotherston University College London New York University, 11 December 2014 Joint work with Jules Villard 1/ 26 Part I Introduction, motivation and background 2/ 26

1.39k views • 118 slides
Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

1.14k views • 91 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2 Lars Birkedal 3 1 Delft University of Technology, The Netherlands 2 imec-Distrinet, KU Leuven, Belgium 3 Aarhus University, Denmark January 18, 2017 @

953 views • 71 slides
Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands June 12, 2017 @ MFPS, Ljubljana, Slovenia 1 Iris is joint work with: Ralf Jung, Jacques-Henri

1.16k views • 87 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
Proofs about Programs Why make you study logic? Program Verification Why make you do

Proofs about Programs Why make you study logic? Program Verification Why make you do

Proofs about Programs Why make you study logic? Program Verification Why make you do proofs? (Rosen, Sections 5.5) Because we want to prove properties of TOPICS programs: Program Correctness Preconditions &

323 views • 8 slides
A case for relaxed program logics Separation logic as a tool for

A case for relaxed program logics Separation logic as a tool for

A case for relaxed program logics Separation logic as a tool for understanding and debugging the C/C++ concurrency model Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

304 views • 13 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
Encounters with Maxwell Equations Martin Costabel IRMAR, Universit de Rennes 1 Analysis and

Encounters with Maxwell Equations Martin Costabel IRMAR, Universit de Rennes 1 Analysis and

Encounters with Maxwell Equations Martin Costabel IRMAR, Universit de Rennes 1 Analysis and Numerics of Acoustic and Electromagnetic Problems Linz, 1722 October 2016 Martin Costabel (Rennes) Encounters with Maxwell Equations Linz,

780 views • 38 slides
9 th ENQA MEMBERS FORUM 25 April 2019, 15.45 17.15 Hosted by the Estonian Quality Agency

9 th ENQA MEMBERS FORUM 25 April 2019, 15.45 17.15 Hosted by the Estonian Quality Agency

9 th ENQA MEMBERS FORUM 25 April 2019, 15.45 17.15 Hosted by the Estonian Quality Agency for Higher and Vocational Education (EKKA), Tallinn, Estonia WiFi network TLU no password required Strategic Plan 2021 - 2025 2 2 2 2 0

605 views • 9 slides
A class of randomly generated semi-infinite programming test problems A. Ismael F. Vaz and Edite

A class of randomly generated semi-infinite programming test problems A. Ismael F. Vaz and Edite

A class of randomly generated semi-infinite programming test problems A. Ismael F. Vaz and Edite M.G.P. Fernandes Production and Systems Department - Engineering School Minho University - Braga - Portugal {aivaz,emgpf}@dps.uminho.pt

555 views • 44 slides
Building a permutation: comparing design approaches Joan Daemen based on joint work with

Building a permutation: comparing design approaches Joan Daemen based on joint work with

Building a permutation: comparing design approaches Joan Daemen based on joint work with Nicolas Bordes, Danil Kuijsters and Gilles Van Assche Summer School on real-world crypto and privacy, June 17-21, 2019, ibenik 1 1 Radboud

565 views • 18 slides
DAQ : General Status R.Itoh, KEK Trigger Belle II DAQ System FTSW FTSW FTSW FE PXD readout

DAQ : General Status R.Itoh, KEK Trigger Belle II DAQ System FTSW FTSW FTSW FE PXD readout

DAQ : General Status R.Itoh, KEK Trigger Belle II DAQ System FTSW FTSW FTSW FE PXD readout box PXD dig (ONSEN) reco DATCON rder HLT ~250 COPPERs distributor ~40 R/O PCs reco FE tx SVD Event Builder 2 rder dig R/O PC FE

665 views • 10 slides
RDMAR: A bandwidth-efficient Routing Protocol for Mobile Ad hoc Networks George Aggelou Rahim

RDMAR: A bandwidth-efficient Routing Protocol for Mobile Ad hoc Networks George Aggelou Rahim

RDMAR: A bandwidth-efficient Routing Protocol for Mobile Ad hoc Networks George Aggelou Rahim Tafazolli Center for Communication Systems Research (CCSR) Center for Communication Systems Research (CCSR) University of Surrey University of

365 views • 8 slides
Instabilities and local bifurcations. Elements of theory G erard Iooss IUF, Universit e de

Instabilities and local bifurcations. Elements of theory G erard Iooss IUF, Universit e de

Instabilities and local bifurcations. Elements of theory G erard Iooss IUF, Universit e de Nice, Laboratoire J.A.Dieudonn e, Parc Valrose, F-06108 Nice Cedex02 M.Haragus, G.Iooss. Local bifurcations, center manifolds, and normal forms

923 views • 38 slides
Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi,

Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi,

Hardware Acceleration of Transactional Memory on Commodity Systems Jared Casper , Tayo Oguntebi, Sungpack Hong, Nathan Bronson, Christos Kozyrakis, Kunle Olukotun Pervasive Parallelism Laboratory Stanford University 1 TM Design Alternatives

545 views • 21 slides

More recommend