Abstract
We investigate the *model checking* problem for symbolic-heap separation logic with user-defined inductive predicates, i.e., the problem of checking that a given stack-heap memory state satisfies a given formula in this language, as arises e.g. in software testing or runtime verification. First, we show that the problem is *decidable*; specifically, we present a bottom-up fixed point algorithm that decides the problem and runs in exponential time in the size of the problem instance. Second, we show that, while model checking for the full language is EXPTIME-complete, the problem becomes NP-complete or PTIME-solvable when we impose natural syntactic restrictions on the schemata defining the inductive predicates. We additionally present NP and PTIME algorithms for these restricted fragments. Finally, we report on the experimental performance of our procedures on a variety of specifications extracted from programs, exercising multiple combinations of syntactic restrictions.
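To make the problem statement concrete, here is a small added example (my own code, not the paper's or the CYCLIST project's) of a bottom-up fixed-point model checker for symbolic heaps with user-defined inductive predicates. It encodes a stack as a map from variables to values, a heap as a map from addresses to tuples of stored values, and a formula as a list of atoms (equalities, disequalities, points-to, predicate calls). The checker first saturates a table of every triple (predicate, arguments, subheap) that holds in the given heap, iterating the inductive rules bottom-up until nothing new is derived, and then asks whether the whole heap is a model of the formula. Enumerating subheaps and argument tuples is what makes it exponential in the size of the state, matching the bound stated in the abstract; the paper's actual algorithm is not on this page, and nothing here should be read as its implementation. Two simplifying assumptions are mine: existential witnesses are drawn only from values occurring in the stack or heap plus nil (sound for the list and tree definitions used here, where every existential is stored in some cell), and the atom encoding, predicate names and sample states are constructed for illustration.

```python
"""Bottom-up fixed-point model checking for symbolic heaps with inductive predicates.

Added illustration, not the paper's own procedure. Atoms are tuples:
  ("eq", a, b)  ("neq", a, b)  ("pto", a, (b1, ..., bk))  ("pred", name, (a1, ..., an))
where each term is a variable name (str) or an integer constant. The empty list is emp.
"""
from itertools import product

NIL = 0  # nil is modelled as address 0, which is never allocated


def subst(term, env):
    """Look up a variable in env; integer constants denote themselves."""
    return env[term] if isinstance(term, str) else term


def pure_holds(atom, env):
    """Pure atoms constrain values only; spatial atoms are vacuously true here."""
    if atom[0] == "eq":
        return subst(atom[1], env) == subst(atom[2], env)
    if atom[0] == "neq":
        return subst(atom[1], env) != subst(atom[2], env)
    return True


def spatial_models(atoms, env, heap, table):
    """Return the set of subheaps (frozensets of addresses) that satisfy the spatial
    part of `atoms` under `env`. Separating conjunction is disjoint union, so each
    atom's candidate subheaps are combined only when they share no address.
    `table` maps (predicate, argument tuple) to subheaps already known to satisfy it."""
    models = {frozenset()}  # emp
    for atom in atoms:
        if atom[0] == "pto":
            addr = subst(atom[1], env)
            vals = tuple(subst(t, env) for t in atom[2])
            if heap.get(addr) != vals:  # cell absent or holds different contents
                return set()
            options = {frozenset([addr])}
        elif atom[0] == "pred":
            args = tuple(subst(t, env) for t in atom[2])
            options = table.get((atom[1], args), set())
        else:
            continue
        models = {m | o for m in models for o in options if not (m & o)}
        if not models:
            break
    return models


def candidate_values(stack, heap):
    """Assumption: existentials range over values occurring in the state, plus nil."""
    vals = {NIL} | set(stack.values()) | set(heap)
    for cell in heap.values():
        vals |= set(cell)
    return sorted(vals)


def saturate(defs, stack, heap):
    """Bottom-up fixed point: derive every (P, args) -> subheaps fact true in `heap`.
    Terminates because the set of argument tuples and subheaps is finite; it is
    exponential in the heap size in the worst case."""
    vals = candidate_values(stack, heap)
    table = {}
    changed = True
    while changed:
        changed = False
        for name, rules in defs.items():
            for params, exists, body in rules:
                for binding in product(vals, repeat=len(params) + len(exists)):
                    env = dict(zip(params + exists, binding))
                    if not all(pure_holds(a, env) for a in body):
                        continue
                    key = (name, tuple(env[p] for p in params))
                    known = table.setdefault(key, set())
                    new = spatial_models(body, env, heap, table) - known
                    if new:
                        known |= new
                        changed = True
    return table


def model_check(defs, stack, heap, formula):
    """Decide stack, heap |= formula: the formula must be satisfied by the WHOLE heap."""
    if not all(pure_holds(a, stack) for a in formula):
        return False
    table = saturate(defs, stack, heap)
    return frozenset(heap) in spatial_models(formula, stack, heap, table)


# Inductive definitions, one entry per predicate: (params, existentials, body).
#   ls(x, y) ::= x = y ∧ emp  |  ∃z. x ≠ y ∧ x ↦ z * ls(z, y)
#   tree(x)  ::= x = nil ∧ emp  |  ∃l r. x ↦ (l, r) * tree(l) * tree(r)
DEFS = {
    "ls": [
        (("x", "y"), (), [("eq", "x", "y")]),
        (("x", "y"), ("z",), [("neq", "x", "y"), ("pto", "x", ("z",)),
                               ("pred", "ls", ("z", "y"))]),
    ],
    "tree": [
        (("x",), (), [("eq", "x", NIL)]),
        (("x",), ("l", "r"), [("pto", "x", ("l", "r")), ("pred", "tree", ("l",)),
                               ("pred", "tree", ("r",))]),
    ],
}

if __name__ == "__main__":
    # Constructed state: a three-cell list 1 -> 2 -> 3 -> nil with x = 1, y = 3.
    stack, heap = {"x": 1, "y": 3}, {1: (2,), 2: (3,), 3: (NIL,)}
    print(model_check(DEFS, stack, heap, [("pred", "ls", ("x", "y"))]))            # False: cell 3 left over
    print(model_check(DEFS, stack, heap, [("pred", "ls", ("x", "y")), ("pto", "y", (NIL,))]))  # True
    # Constructed cyclic state: 1 -> 2 -> 1; ls(x, y) * y ↦ x describes it exactly.
    print(model_check(DEFS, {"x": 1, "y": 2}, {1: (2,), 2: (1,)},
                      [("pred", "ls", ("x", "y")), ("pto", "y", ("x",))]))         # True
```

The "whole heap" test in `model_check` is what separates model checking from entailment-style reasoning: `ls(x, y)` alone is rejected on the three-cell list because the cell at `y` is unaccounted for, while `ls(x, y) * y ↦ nil` is accepted. The disjointness check in `spatial_models` is equally essential; without it `ls(x, nil) * ls(x, nil)` would wrongly pass on any list.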
Model checking for symbolic-heap separation logic with inductive predicates
POPL '16: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages