On automating separation logic with trees and data.
2014
Cited by 2 (0 self)
Abstract. Separation logic (SL) is a widely used formalism for verifying heap-manipulating programs. Existing SL solvers focus on decidable fragments for list-like structures. More complex data structures such as trees are typically unsupported in implementations, or handled by incomplete heuristics. While complete decision procedures for reasoning about trees have been proposed, these procedures suffer from high complexity, or make global assumptions about the heap that contradict the separation logic philosophy of local reasoning. In this paper, we present a fragment of classical first-order logic for local reasoning about tree-like data structures. The logic is decidable in NP and the decision procedure allows for combinations with other decidable first-order theories for reasoning about data. Such extensions are essential for proving functional correctness properties. We have implemented our decision procedure and, building on earlier work on translating SL proof obligations into classical logic, integrated it into an SL-based verification tool. We successfully used the tool to verify functional correctness of tree-based data structure implementations.
Learning to Verify the Heap
Abstract. We present a data-driven verification framework to automatically prove memory safety and functional correctness of heap programs. For this, we introduce a novel statistical machine learning technique that maps observed program states to (possibly disjunctive) separation logic formulas describing the invariant shape of (possibly nested) data structures at relevant program locations. We then attempt to verify these predictions using a theorem prover, where counterexamples to a predicted invariant are used as additional input to the shape predictor in a refinement loop. After obtaining valid shape invariants, we use a second learning algorithm to strengthen them with data invariants, again employing a refinement loop using the underlying theorem prover. We have implemented our techniques in Cricket, an extension of the GRASShopper verification tool. Cricket is able to automatically prove memory safety and correctness of implementations of a variety of classical heap-manipulating programs such as insertion sort, quicksort and traversals of nested data structures.
On Automated Lemma Generation for Separation Logic with Inductive Definitions
Abstract. Separation Logic with inductive definitions is a well-known approach for deductive verification of programs that manipulate dynamic data structures. Deciding verification conditions in this context is usually based on user-provided lemmas relating the inductive definitions. We propose a novel approach for generating these lemmas automatically which is based on simple syntactic criteria and deterministic strategies for applying them. Our approach focuses on iterative programs, although it can be applied to recursive programs as well, and specifications that describe not only the shape of the data structures, but also their content or their size. Empirically, we find that our approach is powerful enough to deal with sophisticated benchmarks, e.g., iterative procedures for searching, inserting, or deleting elements in sorted lists, binary search trees, red-black trees, and AVL trees, in a very efficient way.