CS6202 Separation Logic 1
CS6202: Advanced Topics in Programming Languages and Systems
Lecture 8/9 : Separation Logic
• Overview
• Assertion Logic
• Semantic Model
• Hoare-style Inference Rules
• Specification and Annotations
• Linked List and Segments
• Trees and Intuitionistic Logic
• (above from John Reynolds' mini-course)
• Automated Verification
Motivation
Program reasoning is important for:
correctness of software
safety (fewer or no bugs)
performance guarantee
optimization
Hoare Logic
Can handle reasoning of imperative programs well.
Notation : {P} code {Q}
{P} precondition before executing code
{Q} postcondition after executing code
Some examples :
{x=1} x:=x+1 {x=2}
{x=x0} x:=x+1 {x=x0+1}
{Q[x+1/x]} x:=x+1 {Q}
{P} x:=x+1 {∃x1. P[x1/x] ∧ x=x1+1}
Problem
Hoare logic can handle program variables but not heap objects well due to aliasing problems.
Consider an in-place list reversal algorithm
[i] denotes a heap location at address i
Loop Invariant
A loop invariant is a statement that holds at the beginning of each iteration of the loop.
A heap predicate relates a list of elements and a pointer.
Loop Invariant
in separation logic :
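As an added example (my own code, not the lecture's or Reynolds'), the in-place list reversal discussed above is run over an explicit heap model in which [i] is the cell at address i, and the separation-logic loop invariant list(α, i) * list(β, j) ∧ rev(α0) = rev(α)·β is checked at every iteration; the footprint-disjointness test is exactly what the separating conjunction * adds over plain Hoare logic. The heap encoding and all names are assumptions of mine.

```python
# Added example (not from the slides): an explicit heap model for in-place
# list reversal, with the separation-logic loop invariant
#   list(alpha, i) * list(beta, j)  and  rev(alpha0) = rev(alpha) ++ beta
# checked at every iteration. All names here (NIL, list_pred, reverse,
# make_list) are my own, not the lecture's.
NIL = 0  # address 0 stands for nil

def list_pred(heap, i):
    """Walk the list at address i, where heap[a] == (value, next).
    Returns (elements, footprint): the cells that list(alpha, i) owns."""
    elems, cells = [], set()
    while i != NIL:
        if i in cells:            # a cycle: list(alpha, i) cannot hold
            raise ValueError("cycle at address %d" % i)
        if i not in heap:         # dangling pointer into unallocated memory
            raise ValueError("dangling pointer %d" % i)
        cells.add(i)
        val, i = heap[i]
        elems.append(val)
    return elems, cells

def invariant_holds(heap, i, j, alpha0):
    """Loop invariant: both lists occupy disjoint cells (the separating
    conjunction *) and together still carry the original data alpha0."""
    alpha, cells_i = list_pred(heap, i)
    beta, cells_j = list_pred(heap, j)
    disjoint = not (cells_i & cells_j)
    return disjoint and alpha0[::-1] == alpha[::-1] + beta

def reverse(heap, i):
    """In-place reversal over the heap model; [i] is heap[i].
    Returns the new head and the result of each invariant check."""
    alpha0, _ = list_pred(heap, i)
    j, checks = NIL, []
    while i != NIL:
        checks.append(invariant_holds(heap, i, j, alpha0))
        val, k = heap[i]        # k := [i].next
        heap[i] = (val, j)      # [i].next := j
        i, j = k, i             # i := k ; j := old i
    checks.append(invariant_holds(heap, i, j, alpha0))
    return j, checks

def make_list(values, base=10):
    """Constructed input: allocate `values` as a list starting at `base`."""
    heap, addrs = {}, list(range(base, base + len(values)))
    for n, (a, v) in enumerate(zip(addrs, values)):
        heap[a] = (v, addrs[n + 1] if n + 1 < len(values) else NIL)
    return heap, (addrs[0] if values else NIL)
```

Passing two lists that share a cell makes invariant_holds return False even when the element sequences match, which is the aliasing situation Hoare logic alone cannot express.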
Basics of Separation Logic
Simple Language with Heap Store
Total Correctness Specification
Examples of Valid Specifications
Hoare Inference Rules
Hoare Inference Rules
Structural rules are applicable to any command.
Partial Correctness of While Loop
Total Correctness of While Loop
Hoare Inference Rules
Hoare Inference Rules
Annotated Specifications
In annotated specifications, additional assertions called annotations are placed in commands in such a way that they assist the proof construction process.
Examples :
Things that no longer hold include:
law of excluded middle (P ∨ ¬P)
double negation (¬¬P = P)
Peirce's law (((P → Q) → P) → P)
Formulae valid in intuitionistic separation logic but not in the classical one:
x ↦ 1,y ⇒ emp
x ↦ 1,y * y ↦ ,nil ⇒ x ↦ 1,_
Intuitionistic Assertion
Inference for Procedures
Copying Tree
Copying Tree (Proof)
Copying Tree (Proof)
Automated Verification
Modular Verification
(i) Given pre/post conditions for each method and loop
(ii) Determine each postcondition is sound for the method body.
(iii) Each precondition is satisfied for each call site.
Why Verification?
(i) can handle more complex examples
(ii) can be used to check inference algorithm
(iii) grand challenge of verifiable software
Core Imperative Language
Data Nodes and Notation
Shape Predicates
Linked-list with size
Double linked-list (right traversal) with size
Sorted linked-list with size, min, max
Insertion Sort Algorithm
Prime Notation
Prime notation is used to capture the latest value of each program variable. This allows a state transition to be expressed, since the unprimed form denotes the original values.
Prime Notation
Example :
{x'=x ∧ y'=y}
x:=x+1
{x'=x+1 ∧ y'=y}
x:=x+y
{x'=x+1+y ∧ y'=y}
y:=2
{x'=x+1+y ∧ y'=2}
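An added example (my code, not the course's) that mechanises the prime-notation transitions above: the state records each primed variable as an expression over the unprimed original values, and executing an assignment substitutes the current primed values into its right-hand side. The expression encoding and all function names are assumptions of mine.

```python
# Added example (not from the slides): forward symbolic execution in prime
# notation. The state maps each variable v to its primed (latest) value v',
# an expression over the unprimed (original) values. Expressions are tuples:
#   ('var', 'x') = original value of x,  ('const', 2),  ('+', a, b).
# The encoding and every name below are my own, not the course's.
def subst(expr, state):
    """Replace each program variable v in expr by its current value v'."""
    tag = expr[0]
    if tag == 'var':
        return state[expr[1]]
    if tag == 'const':
        return expr
    return ('+', subst(expr[1], state), subst(expr[2], state))

def assign(state, name, expr):
    """v := expr gives v' = expr[x'/x, y'/y, ...]; other variables keep v'."""
    new = dict(state)
    new[name] = subst(expr, state)
    return new

def initial(names):
    """{x'=x ∧ y'=y ∧ ...}: before any command, primed equals unprimed."""
    return {n: ('var', n) for n in names}

def show(expr):
    """Render an expression the way the slides write it, e.g. x+1+y."""
    if expr[0] == 'var':
        return expr[1]
    if expr[0] == 'const':
        return str(expr[1])
    return show(expr[1]) + "+" + show(expr[2])

def evaluate(expr, env):
    """Concrete value of expr under original values env (soundness check)."""
    if expr[0] == 'var':
        return env[expr[1]]
    if expr[0] == 'const':
        return expr[1]
    return evaluate(expr[1], env) + evaluate(expr[2], env)

def run_slide_example():
    """The slides' sequence x:=x+1; x:=x+y; y:=2 from {x'=x ∧ y'=y}."""
    s = initial(['x', 'y'])
    s = assign(s, 'x', ('+', ('var', 'x'), ('const', 1)))   # {x'=x+1 ∧ y'=y}
    s = assign(s, 'x', ('+', ('var', 'x'), ('var', 'y')))   # {x'=x+1+y ∧ y'=y}
    s = assign(s, 'y', ('const', 2))                         # {x'=x+1+y ∧ y'=2}
    return s
```

Evaluating the final symbolic state under concrete original values (for example x=3, y=4) reproduces what running the three assignments concretely would give, which is the check that the substitution rule is sound.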