Modular verification of heap reachability properties in separation logic

Published: 10 October 2019

Abstract

The correctness of many algorithms and data structures depends on reachability properties, that is, on the existence of chains of references between objects in the heap. Reasoning about reachability is difficult for two main reasons. First, any heap modification may affect an unbounded number of reference chains, which complicates modular verification, in particular, framing. Second, general graph reachability is not supported by first-order SMT solvers, which impedes automatic verification.

In this paper, we present a modular specification and verification technique for reachability properties in separation logic. For each method, we specify reachability only locally within the fragment of the heap on which the method operates. We identify relative convexity, a novel relation between the heap fragments of a client and a callee, which enables (first-order) reachability framing, that is, extending reachability properties from the heap fragment of a callee to the larger fragment of its client, enabling precise procedure-modular reasoning. Our technique supports practically important heap structures, namely acyclic graphs with a bounded outdegree as well as (potentially cyclic) graphs with at most one path (modulo cycles) between each pair of nodes. The integration into separation logic allows us to reason about reachability and other properties in a uniform way, to verify concurrent programs, and to automate our technique via existing separation logic verifiers. We demonstrate that our verification technique is amenable to SMT-based verification by encoding a number of benchmark examples into the Viper verification infrastructure.
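The framing step the abstract describes, worked through as an added illustration that is not code from the paper or its Viper artifact. It assumes a working reading of relative convexity (a callee fragment INNER is convex relative to the client fragment OUTER when every OUTER-path between two INNER nodes stays inside INNER); the paper's formal definition and its SMT encoding may differ. The two toy heaps, the node names and the function names are constructed for this example.

```python
"""Added illustration, not code from the paper or its Viper artifact.

Assumed working definition (the paper's formal one may differ): a heap
fragment INNER is relatively convex in a larger fragment OUTER when every
OUTER-path between two INNER nodes stays inside INNER.  Under that assumption
a path in OUTER can never go INNER -> outside -> INNER, so it crosses the
boundary of INNER at most once in each direction, and reachability over OUTER
can be rebuilt first-order from the two local relations and the boundary
edges.  Heaps below are constructed toy graphs: node -> list of successors.
"""


def reach(graph, nodes):
    """Map each node in `nodes` to what it reaches using only `nodes`."""
    out = {}
    for start in nodes:
        seen, stack = {start}, [start]
        while stack:
            n = stack.pop()
            for m in graph.get(n, ()):
                if m in nodes and m not in seen:
                    seen.add(m)
                    stack.append(m)
        out[start] = seen
    return out


def crossing_edges(graph, src_set, dst_set):
    """Edges that leave src_set and land in dst_set."""
    return {(a, b) for a in src_set for b in graph.get(a, ()) if b in dst_set}


def is_relatively_convex(graph, inner, outer):
    """True if no OUTER-path between two INNER nodes leaves INNER.

    A violation is a path inner -> b -> ... -> c -> inner with b..c outside
    INNER, i.e. some exit node b reaches (outside INNER) a node c that has an
    edge back into INNER.
    """
    rest = outer - inner
    r_rest = reach(graph, rest)
    re_entry = {c for (c, _) in crossing_edges(graph, rest, inner)}
    return all(not (r_rest[b] & re_entry)
               for (_, b) in crossing_edges(graph, inner, rest))


def full_reach(graph, outer):
    """Ground truth: reachability over the whole OUTER fragment."""
    return {(x, y) for x, ys in reach(graph, outer).items() for y in ys}


def framed_reach(graph, inner, outer):
    """Rebuild OUTER reachability from INNER and (OUTER minus INNER)
    reachability plus boundary edges, allowing one entry into and one exit
    from INNER.  Exact only when INNER is relatively convex in OUTER."""
    rest = outer - inner
    r_in, r_out = reach(graph, inner), reach(graph, rest)
    enter = crossing_edges(graph, rest, inner)
    leave = crossing_edges(graph, inner, rest)
    result = {(x, y) for r in (r_in, r_out) for x, ys in r.items() for y in ys}
    # shape: [inner]* -> leave -> [rest]*
    for b in inner:
        for (c, d) in leave:
            if c in r_in[b]:
                result.update((b, y) for y in r_out[d])
    # shape: [rest]* -> enter -> [inner]* (-> leave -> [rest]*)
    for x in rest:
        for (a, b) in enter:
            if a in r_out[x]:
                result.update((x, c) for c in r_in[b])
                for (c, d) in leave:
                    if c in r_in[b]:
                        result.update((x, y) for y in r_out[d])
    return result


# Constructed toy heaps.  OUTER is the client's fragment, INNER the callee's.
OUTER = {"p", "q", "r", "s", "t"}
INNER = {"q", "r"}
LIST_HEAP = {"p": ["q"], "q": ["r"], "r": ["s"], "s": ["t"], "t": []}
# Same heap plus a back edge t -> q: the path r -> s -> t -> q joins two
# INNER nodes through the client's part, so INNER is no longer convex.
CYCLIC_HEAP = dict(LIST_HEAP, t=["q"])

if __name__ == "__main__":
    for name, heap in (("list", LIST_HEAP), ("cyclic", CYCLIC_HEAP)):
        convex = is_relatively_convex(heap, INNER, OUTER)
        lost = full_reach(heap, OUTER) - framed_reach(heap, INNER, OUTER)
        print(f"{name}: convex={convex}, pairs lost by framing={sorted(lost)}")
```

On the list heap the convexity check passes and the framed relation reproduces every pair of the ground truth. On the cyclic variant the check fails and framing loses exactly the pair (r, q), whose only path leaves the callee's fragment and re-enters it; that is the shape the convexity side condition has to exclude before callee reachability can be extended to the client's fragment.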


Supplemental Material

a121-ter-gabrielyan

Presentation at OOPSLA '19

