Open Access

Model checking for symbolic-heap separation logic with inductive predicates

Published: 11 January 2016

Abstract

We investigate the *model checking* problem for symbolic-heap separation logic with user-defined inductive predicates, i.e., the problem of checking that a given stack-heap memory state satisfies a given formula in this language, as arises e.g. in software testing or runtime verification. First, we show that the problem is *decidable*; specifically, we present a bottom-up fixed point algorithm that decides the problem and runs in exponential time in the size of the problem instance. Second, we show that, while model checking for the full language is EXPTIME-complete, the problem becomes NP-complete or PTIME-solvable when we impose natural syntactic restrictions on the schemata defining the inductive predicates. We additionally present NP and PTIME algorithms for these restricted fragments. Finally, we report on the experimental performance of our procedures on a variety of specifications extracted from programs, exercising multiple combinations of syntactic restrictions.
