Results 1  10
of
12
Decidable logics combining heap structures and data
 IN: POPL’11
, 2011
"... We define a new logic, STRAND, that allows reasoning with heapmanipulating programs using deductive verification and SMT solvers. STRAND logic (“STRucture ANd Data ” logic) formulas express constraints involving heap structures and the data they contain; they are defined over a class of pointerstru ..."
Abstract

Cited by 26 (9 self)
 Add to MetaCart
(Show Context)
We define a new logic, STRAND, that allows reasoning with heapmanipulating programs using deductive verification and SMT solvers. STRAND logic (“STRucture ANd Data ” logic) formulas express constraints involving heap structures and the data they contain; they are defined over a class of pointerstructures R defined using MSOdefined relations over trees, and are of the form ∃⃗x∀⃗yϕ(⃗x, ⃗y), where ϕ is a monadic secondorder logic (MSO) formula with additional quantification that combines structural constraints as well as dataconstraints, but where the dataconstraints are only allowed to refer to ⃗x and ⃗y. The salient aspects of the logic are: (a) the logic is powerful, allowing existential and universal quantification over the nodes, and complex combinations of data and structural constraints; (b) checking Hoaretriples for linear blocks of statements with preconditions and postconditions expressed as Boolean combinations of existential and universal STRAND formulas reduces to satisfiability of a STRAND formula; (c) there are powerful decidable fragments of STRAND, one semantically defined and one syntactically defined, where the decision procedure works by combining the theory of MSO over trees and the quantifierfree theory of the underlying datalogic. We demonstrate the effectiveness and practicality of the logic by checking verification conditions generated in proving properties of several heapmanipulating programs, using a tool that combines an MSO decision procedure over trees (MONA) with an SMT solver for integer constraints (Z3).
Linear Functional Fixedpoints
, 2009
"... We introduce a logic of functional fixedpoints. It is suitable for analyzing heapmanipulating programs and can encode several logics used for program verification with different ways of expressing reachability. While full fixedpoint logic remains undecidable, several subsets admit decision proced ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
We introduce a logic of functional fixedpoints. It is suitable for analyzing heapmanipulating programs and can encode several logics used for program verification with different ways of expressing reachability. While full fixedpoint logic remains undecidable, several subsets admit decision procedures. In particular, for the logic of linear functional fixedpoints, we develop an abstraction refinement integration of the SMT solver Z3 and a satisfiability checker for propositional lineartime temporal logic. The integration refines the temporal abstraction by generating safety formulas until the temporal abstraction is unsatisfiable or a model for it is also a model for the functional fixedpoint formula.
Natural Proofs for Structure, Data, and Separation
"... We propose natural proofs for reasoning with programs that manipulate datastructures against specifications that describe the structure of the heap, the data stored within it, and separation and framing of substructures. Natural proofs are a subclass of proofs that are amenable to completely autom ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
We propose natural proofs for reasoning with programs that manipulate datastructures against specifications that describe the structure of the heap, the data stored within it, and separation and framing of substructures. Natural proofs are a subclass of proofs that are amenable to completely automated reasoning, that provide sound but incomplete procedures, and that capture common reasoning tactics in program verification. We develop a dialect of separation logic over heaps, called Dryad, with recursive definitions that avoids explicit quantification. We develop ways to reason with heaplets using classical logic over the theory of sets, and develop natural proofs for reasoning using proof tactics involving disciplined unfoldings and formula abstractions. Natural proofs are encoded into decidable theories of firstorder logic so as to be discharged using SMT solvers. We also implement the technique and show that a large class of more than 100 correct programs that manipulate datastructures are amenable to full functional correctness using the proposed natural proof method. These programs are drawn from a variety of sources including standard datastructures, the SchorrWaite algorithm for garbage collection, a large number of lowlevel C routines from the Glib library and OpenBSD library, the Linux kernel, and routines from a secure verified OSbrowser project. Our work is the first that we know of that can handle such a wide range of full functional verification properties of heaps automatically, given pre/post and loop invariant annotations. We believe that this work paves the way for deductive verification technology to be used by programmers who do not (and need not) understand the internals of the underlying logic solvers, significantly increasing their applicability in building reliable systems.
Recursive proofs for inductive tree datastructures
 In POPL’12 (2012), ACM
"... Abstract We develop logical mechanisms and procedures to facilitate the verification of full functional properties of inductive tree datastructures using recursion that are sound, incomplete, but terminating. Our contribution rests in a new extension of firstorder logic with recursive definitions ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
Abstract We develop logical mechanisms and procedures to facilitate the verification of full functional properties of inductive tree datastructures using recursion that are sound, incomplete, but terminating. Our contribution rests in a new extension of firstorder logic with recursive definitions called Dryad, a syntactical restriction on preand postconditions of recursive imperative programs using Dryad, and a systematic methodology for accurately unfolding the footprint on the heap uncovered by the program that leads to finding simple recursive proofs using formula abstraction and calls to SMT solvers. We evaluate our methodology empirically and show that several complex tree datastructure algorithms can be checked against full functional specifications automatically, given preand postconditions. This results in the first automatic terminating methodology for proving a wide variety of annotated algorithms on tree datastructures correct, including maxheaps, treaps, redblack trees, AVL trees, binomial heaps, and Btrees.
Efficient Decision Procedures for Heaps using STRAND
"... The Strand [10] logic allows expressing structural properties of heaps combined with the data stored in the nodes of the heap. A semantic fragment of Strand as well as a syntactically defined subfragment of it are known to be decidable [10]. The known decision procedure works by combining a decisi ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
The Strand [10] logic allows expressing structural properties of heaps combined with the data stored in the nodes of the heap. A semantic fragment of Strand as well as a syntactically defined subfragment of it are known to be decidable [10]. The known decision procedure works by combining a decision procedure for MSO on trees (implemented by the tool Mona) and a decision procedure for the quantifierfree fragment of the datatheory (say, integers, and implemented using a solver like Z3). The known algorithm for deciding the syntactically defined decidable fragment (which is the same as the one for the semantically defined decidable fragment) involves solving large MSO formulas over trees, whose solution is the main bottleneck in obtaining efficient algorithms. In this paper, we focus on the syntactically defined decidable fragment of Strand, and obtain a new and more efficient algorithm. Using a set of experiments obtained from verification conditions of heapmanipulating programs, we show the practical benefits of the new algorithm.
SatisfiabilityBased Program REASONING AND PROGRAM SYNTHESIS
, 2010
"... Program reasoning consists of the tasks of automatically and statically verifying correctness and inferring properties of programs. Program synthesis is the task of automatically generating programs. Both program reasoning and synthesis are theoretically undecidable, but the results in this disserta ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Program reasoning consists of the tasks of automatically and statically verifying correctness and inferring properties of programs. Program synthesis is the task of automatically generating programs. Both program reasoning and synthesis are theoretically undecidable, but the results in this dissertation show that they are practically tractable. We show that there is enough structure in programs written by human developers to make program reasoning feasible, and additionally we can leverage program reasoning technology for automatic program synthesis. This dissertation describes expressive and efficient techniques for program reasoning and program synthesis. Our techniques work by encoding the underlying inference tasks as solutions to satisfiability instances. A core ingredient in the reduction of these problems to finite satisfiability instances is the assumption of templates. Templates are userprovided hints about the structural form of the desired artifact, e.g., invariant, pre and postcondition templates for reasoning; or program templates for synthesis. We propose novel algorithms, parameterized by suitable templates, that reduce the inference of these artifacts to satisfiability. We show that fixedpoint computation—the key technical challenge in program reasoning— is encodable as SAT instances. We also show that program synthesis can be viewed as generalized
Automating proofs of datastructure properties in imperative programs
 CoRR
"... We consider the problem of automated reasoning about dynamically manipulated data structures. The stateoftheart methods are limited to the unfoldandmatch (U+M) paradigm, where predicates are transformed via (un)folding operations induced from their definitions before being treated as uninterp ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
We consider the problem of automated reasoning about dynamically manipulated data structures. The stateoftheart methods are limited to the unfoldandmatch (U+M) paradigm, where predicates are transformed via (un)folding operations induced from their definitions before being treated as uninterpreted. However, proof obligations from verifying programs with iterative loops and multiple function calls often do not succumb to this paradigm. Our contribution is a proof method which – beyond U+M – performs automatic formula rewriting by treating previously encountered obligations in each proof path as possible induction hypotheses. This enables us, for the first time, to systematically reason about a wide range of obligations, arising from practical program verification. We demonstrate the power of our proof rules on commonly used lemmas, thereby close the remaining gaps in existing stateoftheart systems. Another impact, probably more important, is that our method regains the power of compositional reasoning, and shows that the usage of userprovided lemmas is no longer needed for the existing set of benchmarks. This not only removes the burden of coming up with the appropriate lemmas, but also significantly boosts up the verification process, since lemma applications, coupled with unfolding, often induce very large search space. 1.
A Framework for Inductive Proofs of Data Structures
"... We consider the problem of automated program verification with emphasis on reasoning about dynamically manipulated data structures. We begin with an existing specification language which has two key features: (a) the use of explicit heap variables, and (b) user defined recursive properties in a wrap ..."
Abstract
 Add to MetaCart
(Show Context)
We consider the problem of automated program verification with emphasis on reasoning about dynamically manipulated data structures. We begin with an existing specification language which has two key features: (a) the use of explicit heap variables, and (b) user defined recursive properties in a wrapper logic language. The language provides a newlevel of expressiveness for specifying properties of heap manipulations. The main contribution, however, is an algorithm to automatically prove verification conditions when formulas in the specification language are used as assertions in programs. More precisely, we consider verification of heap manipulating programs that combines user written modular contracts and loop invariants with completely automated theorem proving of the resulting verification conditions. The key feature of the algorithm is the ability to automatically employ induction proof steps with respect to dynamically generated induction hypotheses. Though necessarily still incomplete, the algorithm provides a new level of automation. 1.
The MathSAT 4 SMT Solver (Tool Paper)
, 2008
"... We present MathSAT 4, a stateoftheart SMT solver. MathSAT 4 handles several useful theories: (combinations of) equality and uninterpreted functions, difference logic, linear arithmetic, and the theory of bitvectors. It was explicitly designed for being used in formal verification, and thus pr ..."
Abstract
 Add to MetaCart
(Show Context)
We present MathSAT 4, a stateoftheart SMT solver. MathSAT 4 handles several useful theories: (combinations of) equality and uninterpreted functions, difference logic, linear arithmetic, and the theory of bitvectors. It was explicitly designed for being used in formal verification, and thus provides functionalities which extend the applicability of SMT in this setting. In particular: model generation (for counterexample reconstruction), model enumeration (for predicate abstraction), an incremental interface (for BMC), and computation of unsatisfiable cores and Craig interpolants (for abstraction refinement).