Verification Condition Generation for Permission Logics with Abstract Predicates and Abstraction Functions

Self Cite

205

158

Abstract. The automation of verification techniques based on firstorder logic specifications has benefited greatly from verification infrastructures such as Boogie and Why. These offer an intermediate language that can express diverse language features and verification techniques, as well as back-end tools such as verification condition generators. However, these infrastructures are not well suited for verification techniques based on separation logic and other permission logics, because they do not provide direct support for permissions and because existing tools for these logics often prefer symbolic execution over verification condition generation. Consequently, tool support for these logics is typically developed independently for each technique, dramatically increasing the burden of developing automatic tools for permission-based verification. In this paper, we present a verification infrastructure whose intermediate language supports an expressive permission model natively. We provide tool support, including two back-end verifiers, one based on symbolic execution, and one on verification condition generation; this facilitates experimenting with the two prevailing techniques in automated verification. Various existing verification techniques can be implemented via this infrastructure, alleviating much of the burden of building permissionbased verifiers, and allowing the developers of higher-level techniques to focus their efforts at the appropriate level of abstraction.

Section: Verification Condition Generation With Carbonmentioning

confidence: 99%

Viper: A Verification Infrastructure for Permission-Based Reasoning

Müller

Schwerhoff

Summers

2015

Self Cite

205

158

“…Permissions provide a straightforward story for framing the values of heap locations (and pure quantifiers over these): so long as the symbolic state contains some permission to a field location, its value will be preserved. However, framing heap-dependent functions is more complicated [20,8]. The value of a function can be framed so long as all locations the function depends on remain unchanged.…”

Section: Framing Heap-dependent Expressionsmentioning

confidence: 99%

“…In this paper, we present the first symbolic execution technique that directly supports general forms of ISC. Our technique is compatible with other features of permission logics: it supports fractional permissions [5], such that a heap location may be ranged over by several ISCs, and allows ISC to occur in predicate bodies and in preconditions of abstraction functions [8].…”

Section: Introductionmentioning

confidence: 96%

Automatic Verification of Iterated Separating Conjunctions Using Symbolic Execution

Müller

Schwerhoff

Summers

2016

Self Cite

In permission logics such as separation logic, the iterated separating conjunction is a quantifier denoting access permission to an unbounded set of heap locations. In contrast to recursive predicates, iterated separating conjunctions do not prescribe a structure on the locations they range over, and so do not restrict how to traverse and modify these locations. This flexibility is important for the verification of random-access data structures such as arrays and data structures that can be traversed in multiple ways such as graphs. Despite its usefulness, no automatic program verifier natively supports iterated separating conjunctions; they are especially difficult to incorporate into symbolic execution engines, the prevalent technique for building verifiers for these logics.In this paper, we present the first symbolic execution technique to support general iterated separating conjunctions. We propose a novel representation of symbolic heaps and flexible support for logical specifications that quantify over heap locations. Our technique exhibits predictable and fast performance despite employing quantifiers at the SMT level, by carefully controlling quantifier instantiations. It is compatible with other features of permission logics such as fractional permissions, recursive predicates, and abstraction functions. Our technique is implemented as an extension of the Viper verification infrastructure.

“…limited to listsegments); other verifiers support user defined, separation-logic predicates, with various heuristics for entailment [8,10]. Art is related to natural proofs [29,25] and the work of Heule et al [16], which instantiate recursive predicates using the local footprint of the heap accessed by a procedure, similar to how we insert fold and unfold heap annotations, enabling generalization and instantiation of structure properties. Finally, heap binders make it possible to use recursive functions (e.g.…”

Section: Related Workmentioning

confidence: 99%

Predicate Abstraction for Linked Data Structures

Bakst

Jhala

2015

We present Alias Refinement Types (Art), a new approach that uses predicate-abstraction to automate the verification of correctness properties of linked data structures. While there are many techniques for checking that a heap-manipulating program adheres to its specification, they often require that the programmer annotate the behavior of each procedure, for example, in the form of loop invariants and pre-and post-conditions. We introduce a technique that lifts predicate abstraction to the heap by factoring the analysis of data structures into two orthogonal components: (1) Alias Types, which reason about the physical shape of heap structures, and (2) Refinement Types, which use simple predicates from an SMT decidable theory to capture the logical or semantic properties of the structures. We evaluate Art by implementing a tool that performs type inference for an imperative language, and empirically show, using a suite of data-structure benchmarks, that Art requires only 21% of the annotations needed by other state-of-the-art verification techniques.