Abstract

Most automated verifiers for separation logic are based on the symbolic-heap fragment, which disallows both the magic-wand operator and the application of classical Boolean operators to spatial formulas. This is not surprising, as support for the magic wand quickly leads to undecidability, especially when combined with inductive predicates for reasoning about data structures. To circumvent these undecidability results, we propose assigning a more restrictive semantics to the separating conjunction. We argue that the resulting logic, strong-separation logic, can be used for symbolic execution and abductive reasoning just like “standard” separation logic, while remaining decidable even in the presence of both the magic wand and the list-segment predicate—a combination of features that leads to undecidability for the standard semantics.

Highlights

  • Separation logic [40] is one of the most successful formalisms for the analysis and verification of programs making use of dynamic resources such as heap memory and access permissions [7,30,10,5,17,24,9]

  • We argue that SSL is a promising proposal for automated program verification: 1) We show that the memory models of strong-separation logic form a separation algebra [11], which guarantees the soundness of the standard frame rule of SL [40]

  • 3) We establish that the satisfiability and entailment problem for full propositional separation logic with the singly-linked list-segment predicate is decidable in our semantics, in stark contrast to the aforementioned undecidability result obtained by Demri et al. [16] assuming the standard semantics


Summary

Introduction

Separation logic [40] is one of the most successful formalisms for the analysis and verification of programs making use of dynamic resources such as heap memory and access permissions [7,30,10,5,17,24,9].

2) We present a PSpace decision procedure for strong-separation logic with points-to assertions, the list-segment predicate ls(x, y), and spatial and classical operators, i.e., ∗, −∗, ∧, ∨, ¬, a logic that is undecidable when assuming the standard semantics [16].

3) We establish that the satisfiability and entailment problem for full propositional separation logic with the singly-linked list-segment predicate is decidable in our semantics (in PSpace), in stark contrast to the aforementioned undecidability result obtained by Demri et al. [16] assuming the standard semantics.

There is a significant body of work studying first-order SL with the magic wand and unary points-to assertions, but without a list predicate. This logic was first shown to be undecidable in [8], a result that has since been refined, showing e.g. that while satisfiability is still in PSpace if we allow one quantified variable [15], two variables already lead to undecidability, even without the separating conjunction [14].

All missing proofs are given in the extended version [33] for space reasons.

Preliminaries
Two Semantics of Separation Logic
Correspondence of Strong and Weak Semantics on Positive Formulas
Deciding the SSL Satisfiability Problem
Memory Chunks
Abstract Memory States
The Refinement Theorem for SSL
Recursive Equations for Abstract Memory States
Refining the Refinement Theorem
Deciding SSL by AMS Computation
Complexity of the SSL Satisfiability Problem
Program Verification with Strong-Separation Logic
Normal Forms and the Abduction Problem
Conclusion