Automatic Verification of Iterated Separating Conjunctions Using Symbolic Execution

Müller, Péter; Schwerhoff, Malte; Summers, Alexander J.

doi:10.1007/978-3-319-41528-4_22

Cited by 22 publications

(19 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, the postcondition on its own does not imply the final graph is completely marked. The crucial point here is that the proof in [24] does not prove the same thing as we do. As an aside, that proof is not about local reasoning; it does not use framing at all.…”

Section: The Frame Rulementioning

confidence: 68%

“…Remark: There is a recently published proof [24] that considers a similar graph marking algorithm. By supporting the construct of iterated separating conjunction [31], they managed to "verify challenging examples such as graph-marking algorithms that so far were beyond the scope of automated verifiers based on permission logics [such as SL and IDFs]".…”

Section: The Frame Rulementioning

confidence: 99%

See 1 more Smart Citation

Automatic Reasoning on Recursive Data-Structures with Sharing

Chu,

Jaffar

2015

Preprint

View full text Add to dashboard Cite

We consider the problem of automatically verifying programs which manipulate arbitrary data structures. Our specification language is expressive, contains a notion of separation, and thus enables a precise specification of frames. The main contribution then is a program verification method which combines strongest postcondition reasoning in the form symbolic execution, unfolding recursive definitions of the data structure in question, and a new frame rule to achieve local reasoning so that proofs can be compositional. Finally, we present an implementation of our verifier, and demonstrate automation on a number of representative programs. In particular, we present the first automatic proof of a classic graph marking algorithm, paving the way for dealing with a class of programs which traverse a complex data structure.

show abstract

Section: The Frame Rulementioning

confidence: 68%

Section: The Frame Rulementioning

confidence: 99%

Automatic Reasoning on Recursive Data-Structures with Sharing

Chu,

Jaffar

2015

Preprint

View full text Add to dashboard Cite

show abstract

“…The Union-Find case study exploits this power in several ways: we find that (say) reasoning about a complex potential function ( §6) or working with iterated separating conjunctions ( §7) is not significantly more difficult in Coq than on paper. In contrast, supporting iterated separating conjunctions in an automated program verifier is possible but challenging (Müller et al, 2016). The interactive approach to program verification has been explored in several projects, including Ynot (Nanevski et al, 2007(Nanevski et al, , 2008aChlipala et al, 2009), Bedrock (Chlipala, 2013), and CFML (Charguéraud, 2010(Charguéraud, , 2013.…”

Section: Separation Logic and Time Creditsmentioning

confidence: 99%

Verifying the Correctness and Amortized Complexity of a Union-Find Implementation in Separation Logic with Time Credits

Charguéraud

Pottier

2017

J Autom Reasoning

View full text Add to dashboard Cite

Union-Find is a famous example of a simple data structure whose amortized asymptotic time complexity analysis is nontrivial. We present a Coq formalization of this analysis, following Alstrup et al.'s recent proof (2014). Moreover, we implement Union-Find as an OCaml library and formally endow it with a modular specification that offers a full functional correctness guarantee as well as an amortized complexity bound. In order to reason in Coq about imperative OCaml code, we use the CFML tool, which implements Separation Logic for a subset of OCaml, and which we extend with time credits. Although it was known in principle that amortized analysis can be explained in terms of time credits and that time credits can be viewed as resources in Separation Logic, we believe our work is the first practical demonstration of this approach. Finally, in order to explain the metatheoretical foundations of our approach, we define a Separation Logic with time credits for an untyped call-by-value λ-calculus, and formally verify its soundness.

show abstract

“…We assume that for any inhale or exhale statements, the permission expression p denotes a non-negative fraction. For simplicity, we restrict inhale and exhale statements to a single array location, but the extension to unboundedly-many locations from the same array is straightforward [37].…”

Section: Programming Languagementioning

confidence: 99%

Permission Inference for Array Programs

Dohrau

Summers

Urban

et al. 2018

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Abstract. Information about the memory locations accessed by a program is, for instance, required for program parallelisation and program verification. Existing inference techniques for this information provide only partial solutions for the important class of array-manipulating programs. In this paper, we present a static analysis that infers the memory footprint of an array program in terms of permission pre-and postconditions as used, for example, in separation logic. This formulation allows our analysis to handle concurrent programs and produces specifications that can be used by verification tools. Our analysis expresses the permissions required by a loop via maximum expressions over the individual loop iterations. These maximum expressions are then solved by a novel maximum elimination algorithm, in the spirit of quantifier elimination. Our approach is sound and is implemented; an evaluation on existing benchmarks for memory safety of array programs demonstrates accurate results, even for programs with complex access patterns and nested loops.

show abstract

Automatic Verification of Iterated Separating Conjunctions Using Symbolic Execution

Cited by 22 publications

References 23 publications

Automatic Reasoning on Recursive Data-Structures with Sharing

Automatic Reasoning on Recursive Data-Structures with Sharing

Verifying the Correctness and Amortized Complexity of a Union-Find Implementation in Separation Logic with Time Credits

Permission Inference for Array Programs

Contact Info

Product

Resources

About