
Exact Separation Logic

by Petar Maksimović, et al.

Over-approximating (OX) program logics, such as separation logic, are used to verify properties of heap-manipulating programs: all terminating behaviour is characterised, but the reported results and errors need not be reachable. OX function specifications are thus incompatible with true bug-finding as supported by symbolic execution tools such as Pulse and Gillian. In contrast, under-approximating (UX) program logics, such as incorrectness separation logic, are used to find true results and bugs: reported results and errors are reachable, but not all behaviour can be characterised. UX function specifications thus cannot capture full verification. We introduce exact separation logic (ESL), which provides fully verified function specifications compatible with true bug-finding: all terminating behaviour is characterised, and all reported results and errors are reachable. ESL requires subtle definitions of internal and external function specifications compared with the familiar definitions of OX logics. It supports reasoning about mutually recursive functions and non-termination. We prove frame-preserving soundness for ESL, demonstrating, for the first time, functional compositionality for a non-OX program logic. We investigate the expressivity of ESL and the role of abstraction in UX reasoning by verifying abstract ESL specifications of list algorithms. To show the overall viability of exact verification for true bug-finding, we formalise a compositional symbolic execution semantics capable of using ESL specifications and characterise the conditions that these specifications must respect so that true bug-finding is preserved.
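The OX / UX / exact distinction in the abstract can be made concrete on a finite input domain. The following added example is not from the paper: it exhaustively checks a constructed `safe_div` function against three postconditions and reports whether each spec is OX-valid (every reachable outcome is described), UX-valid (every described outcome is reachable) or both, i.e. exact. The function, domains and spec names are constructed for illustration, and the check ignores heaps and framing, which are what ESL actually handles.

```python
# Result of running a function: ("ok", value) or ("err", code).
Result = tuple[str, int]
State = tuple[int, int]

def safe_div(a: int, b: int) -> Result:
    """Constructed sample function: reports an error instead of faulting on b == 0."""
    if b == 0:
        return ("err", 0)
    return ("ok", a // b)

# Constructed finite domains so that the check below is exhaustive.
STATES = [(a, b) for a in range(-3, 4) for b in range(-3, 4)]
RESULTS = [("ok", v) for v in range(-4, 5)] + [("err", c) for c in (0, 1)]

def classify(f, pre, post) -> tuple[bool, bool]:
    """Return (ox_valid, ux_valid) for the spec {pre} f {post} over the finite domains.

    OX-valid: every (state, outcome) that f actually produces from a pre-state
              satisfies post.
    UX-valid: every (state, outcome) pair that post describes is actually
              produced by f, i.e. every reported result is reachable.
    The spec is exact when both hold.
    """
    reached = {(s, f(*s)) for s in STATES if pre(s)}
    described = {(s, r) for s in STATES if pre(s) for r in RESULTS if post(s, r)}
    return (reached <= described, described <= reached)

def post_ox(s, r):
    # Sound over-approximation: allows any error code, but ("err", 1) is never reached.
    if s[1] == 0:
        return r[0] == "err"
    return r == ("ok", s[0] // s[1])

def post_ux(s, r):
    # Under-approximation: only the division-by-zero error, which is reachable,
    # but it says nothing about the normal results.
    return s[1] == 0 and r == ("err", 0)

def post_exact(s, r):
    # Describes exactly the reachable outcomes and nothing else.
    return r == (("err", 0) if s[1] == 0 else ("ok", s[0] // s[1]))

if __name__ == "__main__":
    for name, p in [("OX-only", post_ox), ("UX-only", post_ux), ("exact", post_exact)]:
        print(name, classify(safe_div, lambda s: True, p))
```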



