Undecidability of propositional separation logic and its neighbours
Cited by 18 (7 self)
Abstract
Separation logic has proven an adequate formalism for the analysis of programs that manipulate memory (in the form of pointers, heaps, stacks, etc.). In this paper, we consider the purely propositional fragment of separation logic, as well as a number of closely related substructural logical systems. We show that, surprisingly, all of these propositional logics are undecidable. In particular, we solve an open problem by establishing the undecidability of Boolean BI.
Proof search for propositional abstract separation logics via labelled sequents
In POPL’14. ACM, 2014
Bi-intuitionistic Boolean Bunched Logic
2014
Cited by 2 (1 self)
Abstract
We formulate and investigate a bi-intuitionistic extension, BiBBI, of the well-known bunched logic Boolean BI (BBI), obtained by combining classical logic with full intuitionistic linear logic (FILL) as considered by Hyland and de Paiva (as opposed to standard multiplicative intuitionistic linear logic). Thus, in addition to the multiplicative conjunction ∗ with its adjoint implication −∗ and unit ⊤∗, which are provided by BBI, our logic also features an intuitionistic multiplicative disjunction ∗∨, with its adjoint coimplication \ and unit ⊥∗. “Intuitionism” for the multiplicatives means here that disjunction and conjunction are related by a weak distribution principle, rather than by De Morgan equivalence. We formulate a Kripke semantics for BiBBI in which all the above multiplicatives are given an intuitionistic reading in terms of resource operations. Our main theoretical result is that validity according to this semantics exactly coincides with provability in our logic, given by a standard Hilbert-style axiomatic proof system. In particular, we isolate the Kripke frame conditions corresponding to various natural logical principles of FILL, which allows us to present soundness and completeness results that are modular with
Automating proofs of data-structure properties in imperative programs
CoRR
Cited by 1 (0 self)
Abstract
We consider the problem of automated reasoning about dynamically manipulated data structures. The state-of-the-art methods are limited to the unfold-and-match (U+M) paradigm, where predicates are transformed via (un)folding operations induced from their definitions before being treated as uninterpreted. However, proof obligations from verifying programs with iterative loops and multiple function calls often do not succumb to this paradigm. Our contribution is a proof method which, beyond U+M, performs automatic formula rewriting by treating previously encountered obligations in each proof path as possible induction hypotheses. This enables us, for the first time, to systematically reason about a wide range of obligations arising from practical program verification. We demonstrate the power of our proof rules on commonly used lemmas, thereby closing the remaining gaps in existing state-of-the-art systems. Another impact, probably more important, is that our method regains the power of compositional reasoning, and shows that user-provided lemmas are no longer needed for the existing set of benchmarks. This not only removes the burden of coming up with the appropriate lemmas, but also significantly speeds up the verification process, since lemma applications, coupled with unfolding, often induce a very large search space.
The formal strong completeness of partial monoidal Boolean BI
2013
Cited by 1 (0 self)
Abstract
This paper presents a self-contained proof of the strong completeness of the labeled tableaux method for partial monoidal Boolean BI: if a formula has no tableau proof then there exists a countermodel for it which is simple. Simple countermodels are those which are generated from the specific constraints that occur during the tableaux proof-search process. As a companion to this paper, we provide a complete formalisation of this result in Coq and discuss some of its implementation details.
ModuRes: a Coq Library for Modular Reasoning about Concurrent Higher-Order Imperative Programming Languages
Abstract
It is well known that it is challenging to build semantic models of type systems or logics for reasoning about concurrent higher-order imperative programming languages. One of the key challenges is that such semantic models often involve constructing solutions to certain kinds of recursive domain equations, which in practice has been a barrier to formalization efforts. Here we present the ModuRes Coq library, which provides an easy way to solve such equations. We show how the library can be used to construct models of type systems and logics for reasoning about concurrent higher-order imperative programming languages.
Separation Logics and Modalities: A Survey
Journal of Applied Non-Classical Logics, 2015
Abstract
Like modal logic, temporal logic, or description logic, separation logic has become a popular class of logical formalisms in computer science, conceived as assertion languages for Hoare-style proof systems with the goal to perform automatic program analysis. In a broad sense, separation logic is often understood as a programming language, an assertion language and a family of rules involving Hoare triples. In this survey, we present similarities between separation logic as an assertion language and modal and temporal logics. Moreover, we propose a selection of landmark results about decidability, complexity and expressive power.
Translation methods for deciding separation logics
ENS de Cachan
Abstract
Direct approach vs. translation for non-classical logics
In order to mechanize non-classical logics, there exist at least two main approaches. The direct approach consists in building specialized proof systems for the logics and requires building new theorem provers, but it has the advantage of allowing fine-tuned tools and plenty of optimizations. The development of tableaux-based provers for description logics perfectly illustrates this trend. By contrast, the translation approach consists in reducing decision problems for the source logics to similar problems for target logics that already have well-established theorem provers. Its main advantage is to use existing tools and therefore to focus only on the translations, which are usually much simpler to implement.
Separation logic
Separation logic has been introduced as an extension of Hoare logic [Hoa69] to verify programs with mutable data structures [IO01, Rey02]. A major feature is the ability to reason locally in a modular way, which is made possible by the separating conjunction, which allows one to state properties of disjoint parts of the memory. Moreover, the adjunct implication asserts that whenever a fresh heap
Separation Logic with First-Class Heaps and a New Frame Rule
Abstract
Separation Logic brought an advance to program verification of data structures through its use of (recursively defined) predicates to implicitly represent heaps, and the separation operator to construct heaps from disjoint subheaps. While this facilitated local reasoning in program fragments, the consideration of subheaps that are disjoint meant that any form of sharing between predicates is problematic and often requires manual proofs whose complexity may outweigh the core benefits of Separation Logic itself. With this as background motivation, we present an assertion language in which subheaps may be explicitly defined within predicates, and the effect of separation obtained by specifying that certain heaps are disjoint. Predicates can then be conjoined in the traditional way. We then present a new frame rule that is conditioned upon the heap-update operations of a program fragment. Essentially, a predicate can be framed over the program fragment if its footprint is disjoint from the updates. The main contribution is to demonstrate that the induced program verification method now provides local reasoning on problems that so far have not been adequately solved:
• structure sharing in data structures, such as in cyclic graphs, where different program fragments act on different parts of these data structures;
• summaries of program fragments where there is a recursively defined relationship between the global heap at the entry and exit program points of the fragment; and
• incremental updates to complex data structures. Typically, different parts of a complex data structure are manipulated by different program fragments (and this depends on the stored values).