Results 1 - 5 of 5
Automating Separation Logic Using SMT
Cited by 22 (1 self)
Abstract
Separation logic (SL) has gained widespread popularity because of its ability to succinctly express complex invariants of a program’s heap configurations. Several specialized provers have been developed for decidable SL fragments. However, these provers cannot be easily extended or combined with solvers for other theories that are important in program verification, e.g., linear arithmetic. In this paper, we present a reduction of decidable SL fragments to a decidable first-order theory that fits well into the satisfiability modulo theories (SMT) framework. We show how to use this reduction to automate satisfiability, entailment, frame inference, and abduction problems for separation logic using SMT solvers. Our approach provides a simple method of integrating separation logic into existing verification tools that provide SMT backends, and an elegant way of combining SL fragments with other decidable first-order theories. We implemented this approach in a verification tool and applied it to heap-manipulating programs whose verification involves reasoning in theory combinations.
Constraintbased Program Reasoning with Heaps and Separation
Cited by 6 (1 self)
Abstract
This paper introduces a constraint language H for finite partial maps (a.k.a. heaps) that incorporates the notion of separation from Separation Logic. We use H to build an extension of Hoare Logic for reasoning over heap-manipulating programs using (constraint-based) symbolic execution. We present a sound and complete algorithm for solving quantifier-free (QF) H-formulae based on heap element propagation. An implementation of the H-solver has been integrated into a Satisfiability Modulo Theories (SMT) framework. We experimentally evaluate the implementation against Verification Conditions (VCs) generated from symbolic execution of large (heap-manipulating) programs. In particular, we mitigate the path explosion problem using subsumption via interpolation, made possible by the constraint-based encoding.
A Constraint Solver for Heaps with Separation
Cited by 4 (4 self)
Abstract
This paper introduces a constraint language H for finite partial maps (a.k.a. heaps) that incorporates the notion of separation from Separation Logic. The motivation behind H is reasoning over heap-manipulating programs using constraint-based symbolic execution. For this we present a modest extension of Hoare Logic that inherits many of the benefits from Separation Logic, such as local reasoning, but encodes heap operations as H-formulae. Next we present a sound and complete solving algorithm for quantifier-free H-formulae, and an implementation that has been integrated into a Satisfiability Modulo Theories (SMT) framework. We experimentally evaluate the implementation against Verification Conditions (VCs) generated from symbolic execution of large programs. In particular, we mitigate the path explosion problem using subsumption via interpolation.
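The three abstracts above all revolve around the same decision problems for heaps with separation: satisfiability, entailment and frame inference over finite partial maps whose separating conjunction demands disjoint domains. The following is an added example, not code from any of these papers, that makes those problems concrete for the smallest such fragment (symbolic heaps built from points-to atoms and equalities, with the constant nil). Instead of an SMT backend it uses a brute-force finite-model search; the small-model bound it relies on (one location per variable plus nil) is an assumption of this example and is stated in the code.

```python
"""Finite-model checker for a tiny separation-logic fragment (added example).

A formula is a pair (pure, spatial):
  pure    - list of ('eq', a, b) / ('neq', a, b) over variables and 'nil'
  spatial - list of ('pt', x, y) meaning "x points to y", joined by the
            separating conjunction (the cells must have distinct addresses)
A model is a stack s (variable -> location) plus a heap h (location -> location).
"""
from itertools import product

NIL = 0  # location 0 is reserved for nil; nothing may point from nil


def free_vars(formula):
    pure, spatial = formula
    vs = set()
    for atom in pure + spatial:
        vs.update(v for v in atom[1:] if v != 'nil')
    return sorted(vs)


def valuations(variables, size):
    """Every stack mapping the variables into locations 0..size-1 (0 = nil)."""
    for locs in product(range(size), repeat=len(variables)):
        yield dict(zip(variables, locs), nil=NIL)


def pure_holds(pure, s):
    for op, a, b in pure:
        if op == 'eq' and s[a] != s[b]:
            return False
        if op == 'neq' and s[a] == s[b]:
            return False
    return True


def induced_heap(spatial, s):
    """The heap denoted by the separating conjunction of the points-to atoms
    under stack s, or None when two atoms would share an address (no disjoint
    union exists) or an address is nil."""
    heap = {}
    for _, x, y in spatial:
        addr = s[x]
        if addr == NIL or addr in heap:
            return None
        heap[addr] = s[y]
    return heap


def models(formula, variables, size):
    pure, spatial = formula
    for s in valuations(variables, size):
        if pure_holds(pure, s):
            h = induced_heap(spatial, s)
            if h is not None:
                yield s, h


def satisfiable(formula):
    # Assumption (small-model bound): in this fragment a universe with one
    # location per variable plus nil can realise every equality pattern, so
    # enumerating it is exhaustive.
    vs = free_vars(formula)
    return next(models(formula, vs, len(vs) + 1), None) is not None


def entails(antecedent, consequent):
    """antecedent |= consequent: every model of the antecedent is a model of
    the consequent (same stack, same heap). The consequent may not introduce
    variables the antecedent lacks; that case would need existentials."""
    vs = free_vars(antecedent)
    if not set(free_vars(consequent)) <= set(vs):
        raise ValueError("consequent must not introduce new variables")
    pure_c, spatial_c = consequent
    for s, h in models(antecedent, vs, len(vs) + 1):
        if not pure_holds(pure_c, s) or induced_heap(spatial_c, s) != h:
            return False
    return True


def infer_frame(antecedent, consequent):
    """Frame inference: find F with antecedent |= consequent * F. The guess is
    the antecedent's cells not textually consumed by the consequent; the
    entailment check then validates or rejects the guess."""
    pure_c, spatial_c = consequent
    frame = [atom for atom in antecedent[1] if atom not in spatial_c]
    return frame if entails(antecedent, (pure_c, spatial_c + frame)) else None


if __name__ == "__main__":
    # Constructed inputs: x |-> y * y |-> z, and the list x |-> y * y |-> z * z |-> nil
    two_cells = ([], [('pt', 'x', 'y'), ('pt', 'y', 'z')])
    lst = ([], [('pt', 'x', 'y'), ('pt', 'y', 'z'), ('pt', 'z', 'nil')])
    print("x|->y * y|->z satisfiable:", satisfiable(two_cells))
    print("... entails x != y:", entails(two_cells, ([('neq', 'x', 'y')], two_cells[1])))
    print("frame for y|->z in the list:", infer_frame(lst, ([], [('pt', 'y', 'z')])))
```

Separation is enforced in one place, `induced_heap`: a second cell at an already-used address has no disjoint union, so the conjunction denotes no heap at all. That is why `x |-> y * x |-> z` and `x = y /\ x |-> z * y |-> z` come out unsatisfiable, and why `x |-> y * y |-> z` entails `x != y` without any explicit disequality in the antecedent. The SMT reduction in the first paper and the H-solver in the other two replace this enumeration with a decision procedure that also combines with other theories; this example only shows what those procedures have to decide.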
Engineering Theories with Z3
2011
Cited by 2 (0 self)
Abstract
Modern Satisfiability Modulo Theories (SMT) solvers are fundamental to many program analysis, verification, design and testing tools. They are a good fit for the domain of software and hardware engineering because they support many domains that are commonly used by the tools. The meaning of domains is captured by theories that can be axiomatized or supported by efficient theory solvers. Nevertheless, not all domains are handled by all solvers and many domains and theories will never be native to any solver. We here explore different theories that extend Microsoft Research’s SMT solver Z3’s basic support. Some can be directly encoded or axiomatized, others make use of user theory plugins. Plugins are a powerful way for tools to supply their custom domains.
A Logical Analysis of Framing for Specifications with Pure Method Calls
2014
Cited by 1 (0 self)
Abstract
For specifying and reasoning about object-based programs it is often attractive for contracts to be expressed using calls to pure methods. It is useful for pure methods to have contracts, including read effects to support local reasoning based on frame conditions. This leads to puzzles such as the use of a pure method in its own contract. These ideas have been explored in connection with verification tools based on axiomatic semantics, guided by the need to avoid logical inconsistency, and focusing on encodings that cater for first-order automated provers. This paper adds pure methods and read effects to region logic, a first-order program logic that features frame-based local reasoning and a proof rule for linking of clients with modules to achieve end-to-end correctness by modular reasoning. Soundness is proved with respect to a conventional operational semantics and using the extensional (i.e., relational) interpretation of read effects.