Completeness of Separation Logic with Inductive Definitions for Program Verification

AbstractSeparation logic is a useful tool for proving the correctness of programs that manipulate memory, especially when the model of memory includes higher-order state: Step-indexing, predicates in the heap, and higher-order ghost state have been used to reason about function pointers, data structure invariants, and complex concurrency patterns. On the other hand, the behavior of system features (e.g., operating systems) and the external world (e.g., communication between components) is usually specified using first-order formalisms. In principle, the soundness theorem of a separation logic is its interface with first-order theorems, but the soundness theorem may implicitly make assumptions about how other components are specified, limiting its use. In this paper, we show how to extend the higher-order separation logic of the Verified Software Toolchain to interface with a first-order verified operating system, in this case CertiKOS, that mediates its interaction with the outside world. The resulting system allows us to prove the correctness of C programs in separation logic based on the semantics of system calls implemented in CertiKOS. It also demonstrates that the combination of interaction trees + CompCert memories serves well as a lingua franca to interface and compose two quite different styles of program verification.

Download Full-text

Labelled cyclic proofs for separation logic

Journal of Logic and Computation ◽

10.1093/logcom/exab017 ◽

2021 ◽

Author(s):

Didier Galmiche ◽

Daniel Méry

Keyword(s):

Data Structures ◽

Program Verification ◽

Separation Logic ◽

Proof System ◽

Proof Systems ◽

Verification Tools ◽

Definition Of ◽

Logical Formalism

Abstract Separation logic (SL) is a logical formalism for reasoning about programs that use pointers to mutate data structures. It is successful for program verification as an assertion language to state properties about memory heaps using Hoare triples. Most of the proof systems and verification tools for ${\textrm{SL}}$ focus on the decidable but rather restricted symbolic heaps fragment. Moreover, recent proof systems that go beyond symbolic heaps are purely syntactic or labelled systems dedicated to some fragments of ${\textrm{SL}}$ and they mainly allow either the full set of connectives, or the definition of arbitrary inductive predicates, but not both. In this work, we present a labelled proof system, called ${\textrm{G}_{\textrm{SL}}}$, that allows both the definition of cyclic proofs with arbitrary inductive predicates and the full set of SL connectives. We prove its soundness and show that we can derive in ${\textrm{G}_{\textrm{SL}}}$ the built-in rules for data structures of another non-cyclic labelled proof system and also that ${\textrm{G}_{\textrm{SL}}}$ is strictly more powerful than that system.

Download Full-text

Program Verification with Separation Logic and Rely Guarantee

10.26686/wgtn.17060108 ◽

2021 ◽

Author(s):

◽

Allan Tabilog

Keyword(s):

Program Verification ◽

Separation Logic ◽

Concurrent Programs ◽

Abstract Data Type ◽

Data Abstraction ◽

Global State ◽

Shared Variable ◽

Concurrent Program ◽

Abstract Data ◽

Shared State

<p>This thesis explores two kinds of program logics that have become important for modern program verification - separation logic, for reasoning about programs that use pointers to build mutable data structures, and rely guarantee reasoning, for reasoning about shared variable concurrent programs. We look more closely into the motivations for merging these two kinds of logics into a single formalism that exploits the benefits of both approaches - local, modular, and explicit reasoning about interference between threads in a shared memory concurrent program. We discuss in detail two such formalisms - RGSep and Local Rely Guarantee (LRG), in particular we analyse how each formalism models program state and treats the distinction between global state (shared by all threads) and local state (private to a given thread) and how each logic models actions performed by threads on shared state, and look into the proof rules specifically for reasoning about atomic blocks of code. We present full examples of proofs in each logic and discuss their differences. This thesis also illustrates how a weakest precondition semantics for separation logic can be used to carry out calculational proofs. We also note how in essence these proofs are data abstraction proofs showing that a data structure implements some abstract data type, and relate this idea to a classic data abstraction technique by Hoare. Finally, as part of the thesis we also present a survey of tools that are currently available for doing manual or semi-automated proofs as well as program analyses with separation logic and rely guarantee.</p>

Download Full-text

Effective Entailment Checking for Separation Logic with Inductive Definitions

Tools and Algorithms for the Construction and Analysis of Systems - Lecture Notes in Computer Science ◽

10.1007/978-3-030-17465-1_18 ◽

2019 ◽

pp. 319-336 ◽

Cited By ~ 4

Author(s):

Jens Katelaan ◽

Christoph Matheja ◽

Florian Zuleger

Keyword(s):

Separation Logic ◽

Inductive Definitions

Download Full-text

Towards Mechanized Program Verification with Separation Logic

Computer Science Logic - Lecture Notes in Computer Science ◽

10.1007/978-3-540-30124-0_21 ◽

2004 ◽

pp. 250-264 ◽

Cited By ~ 16

Author(s):

Tjark Weber

Keyword(s):

Program Verification ◽

Separation Logic

Download Full-text

Program Verification Techniques Based on Separation Logic

Journal of Software ◽

10.3724/sp.j.1001.2009.03636 ◽

2009 ◽

Vol 20 (8) ◽

pp. 2051-2061 ◽

Cited By ~ 1

Author(s):

Da-Ming HUANG ◽

Qing-Kai ZENG

Keyword(s):

Program Verification ◽

Separation Logic ◽

Verification Techniques

Download Full-text

Completeness and expressiveness of pointer program verification by separation logic

Information and Computation ◽

10.1016/j.ic.2019.03.002 ◽

2019 ◽

Vol 267 ◽

pp. 1-27 ◽

Cited By ~ 1

Author(s):

Makoto Tatsuta ◽

Wei-Ngan Chin ◽

Mahmudul Faisal Al Ameen

Keyword(s):

Program Verification ◽

Separation Logic

Download Full-text

Program Verification with Separation Logic and Rely Guarantee

10.26686/wgtn.17060108.v1 ◽

2021 ◽

Author(s):

◽

Allan Tabilog

Keyword(s):

Program Verification ◽

Separation Logic ◽

Concurrent Programs ◽

Abstract Data Type ◽

Data Abstraction ◽

Global State ◽

Shared Variable ◽

Concurrent Program ◽

Abstract Data ◽

Shared State

<p>This thesis explores two kinds of program logics that have become important for modern program verification - separation logic, for reasoning about programs that use pointers to build mutable data structures, and rely guarantee reasoning, for reasoning about shared variable concurrent programs. We look more closely into the motivations for merging these two kinds of logics into a single formalism that exploits the benefits of both approaches - local, modular, and explicit reasoning about interference between threads in a shared memory concurrent program. We discuss in detail two such formalisms - RGSep and Local Rely Guarantee (LRG), in particular we analyse how each formalism models program state and treats the distinction between global state (shared by all threads) and local state (private to a given thread) and how each logic models actions performed by threads on shared state, and look into the proof rules specifically for reasoning about atomic blocks of code. We present full examples of proofs in each logic and discuss their differences. This thesis also illustrates how a weakest precondition semantics for separation logic can be used to carry out calculational proofs. We also note how in essence these proofs are data abstraction proofs showing that a data structure implements some abstract data type, and relate this idea to a classic data abstraction technique by Hoare. Finally, as part of the thesis we also present a survey of tools that are currently available for doing manual or semi-automated proofs as well as program analyses with separation logic and rely guarantee.</p>

Download Full-text

Certifying the synthesis of heap-manipulating programs

Proceedings of the ACM on Programming Languages ◽

10.1145/3473589 ◽

2021 ◽

Vol 5 (ICFP) ◽

pp. 1-29

Author(s):

Yasunari Watanabe ◽

Kiran Gopinathan ◽

George Pîrlea ◽

Nadia Polikarpova ◽

Ilya Sergey

Keyword(s):

Program Verification ◽

Ad Hoc ◽

Program Synthesis ◽

Separation Logic ◽

Third Party ◽

Correctness Proofs ◽

Deductive Synthesis ◽

Efficient Machine ◽

Verified Software ◽

Executable Programs

Automated deductive program synthesis promises to generate executable programs from concise specifications, along with proofs of correctness that can be independently verified using third-party tools. However, an attempt to exercise this promise using existing proof-certification frameworks reveals significant discrepancies in how proof derivations are structured for two different purposes: program synthesis and program verification. These discrepancies make it difficult to use certified verifiers to validate synthesis results, forcing one to write an ad-hoc translation procedure from synthesis proofs to correctness proofs for each verification backend. In this work, we address this challenge in the context of the synthesis and verification of heap-manipulating programs. We present a technique for principled translation of deductive synthesis derivations (a.k.a. source proofs) into deductive target proofs about the synthesised programs in the logics of interactive program verifiers. We showcase our technique by implementing three different certifiers for programs generated via SuSLik, a Separation Logic-based tool for automated synthesis of programs with pointers, in foundational verification frameworks embedded in Coq: Hoare Type Theory (HTT), Iris, and Verified Software Toolchain (VST), producing concise and efficient machine-checkable proofs for characteristic synthesis benchmarks.

Download Full-text