Exact Separation Logic (Extended Version)
Over-approximating (OX) program logics, such as separation logic (SL), are used for verifying properties of heap-manipulating programs: all terminating behaviour is characterised, but established results and errors need not be reachable. OX function specifications are thus incompatible with true bug...
Gespeichert in:
| Veröffentlicht in: | arXiv.org 2023-08 |
|---|---|
| Hauptverfasser: | , , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | arXiv.org |
| container_volume | |
| creator | Maksimović, Petar Cronjäger, Caroline Lööw, Andreas Sutherland, Julian Gardner, Philippa |
| description | Over-approximating (OX) program logics, such as separation logic (SL), are used for verifying properties of heap-manipulating programs: all terminating behaviour is characterised, but established results and errors need not be reachable. OX function specifications are thus incompatible with true bug-finding supported by symbolic execution tools such as Pulse and Pulse-X. In contrast, under-approximating (UX) program logics, such as incorrectness separation logic, are used to find true results and bugs: established results and errors are reachable, but there is no mechanism for understanding if all terminating behaviour has been characterised. We introduce exact separation logic (ESL), which provides fully-verified function specifications compatible with both OX verification and UX true bug-funding: all terminating behaviour is characterised, and all established results and errors are reachable. We prove soundness for ESL with mutually recursive functions, demonstrating, for the first time, function compositionality for a UX logic. We show that UX program logics require subtle definitions of internal and external function specifications compared with the familiar definitions of OX logics. We investigate the expressivity of ESL and, for the first time, explore the role of abstraction in UX reasoning by verifying abstract ESL specifications of various data-structure algorithms. In doing so, we highlight the difference between abstraction (hiding information) and over-approximation (losing information). Our findings demonstrate that, expectedly, abstraction cannot be used as freely in UX logics as in OX logics, but also that it should be feasible to use ESL to provide tractable function specifications for self-contained, critical code, which would then be used for both verification and true bug-finding. |
| doi_str_mv | 10.48550/arxiv.2208.07200 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_arxiv</sourceid><recordid>TN_cdi_arxiv_primary_2208_07200</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2703186912</sourcerecordid><originalsourceid>FETCH-LOGICAL-a950-17da71ed317506c711969dd52ebb953f6bc3fe71f94248fb1514378922cf8c393</originalsourceid><addsrcrecordid>eNotj0tLw0AUhQdBsNT-AFcG3NhF6r13MpmZpZT4gIALi9swmYekaBInqcR_b2xdHTh8HM7H2BXCJlNCwJ2JU_O9IQK1AUkAZ2xBnGOqMqILthqGPQBQLkkIvmDrYjJ2TF59b6IZm65Nyu69scltMY2-dd4lbz4Oc7--ZOfBfAx-9Z9LtnsodtuntHx5fN7el6nRAlKUzkj0jqMUkFuJqHPtnCBf11rwkNeWBy8x6IwyFWoUmHGpNJENynLNl-z6NHv0qPrYfJr4U_35VEefmbg5EX3svg5-GKt9d4jt_KkiCRxVrpH4L4JcSuM</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2703186912</pqid></control><display><type>article</type><title>Exact Separation Logic (Extended Version)</title><source>Freely Accessible Journals</source><source>arXiv.org</source><creator>Maksimović, Petar ; Cronjäger, Caroline ; Lööw, Andreas ; Sutherland, Julian ; Gardner, Philippa</creator><creatorcontrib>Maksimović, Petar ; Cronjäger, Caroline ; Lööw, Andreas ; Sutherland, Julian ; Gardner, Philippa</creatorcontrib><description>Over-approximating (OX) program logics, such as separation logic (SL), are used for verifying properties of heap-manipulating programs: all terminating behaviour is characterised, but established results and errors need not be reachable. OX function specifications are thus incompatible with true bug-finding supported by symbolic execution tools such as Pulse and Pulse-X. In contrast, under-approximating (UX) program logics, such as incorrectness separation logic, are used to find true results and bugs: established results and errors are reachable, but there is no mechanism for understanding if all terminating behaviour has been characterised. We introduce exact separation logic (ESL), which provides fully-verified function specifications compatible with both OX verification and UX true bug-funding: all terminating behaviour is characterised, and all established results and errors are reachable. We prove soundness for ESL with mutually recursive functions, demonstrating, for the first time, function compositionality for a UX logic. We show that UX program logics require subtle definitions of internal and external function specifications compared with the familiar definitions of OX logics. We investigate the expressivity of ESL and, for the first time, explore the role of abstraction in UX reasoning by verifying abstract ESL specifications of various data-structure algorithms. In doing so, we highlight the difference between abstraction (hiding information) and over-approximation (losing information). Our findings demonstrate that, expectedly, abstraction cannot be used as freely in UX logics as in OX logics, but also that it should be feasible to use ESL to provide tractable function specifications for self-contained, critical code, which would then be used for both verification and true bug-finding.</description><identifier>EISSN: 2331-8422</identifier><identifier>DOI: 10.48550/arxiv.2208.07200</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Algorithms ; Approximation ; Computer Science - Logic in Computer Science ; Computer Science - Programming Languages ; Errors ; Logic ; Reasoning ; Recursive functions ; Semantics ; Separation ; Specifications ; Verification</subject><ispartof>arXiv.org, 2023-08</ispartof><rights>2023. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><rights>http://creativecommons.org/licenses/by/4.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,781,785,886,27927</link.rule.ids><backlink>$$Uhttps://doi.org/10.48550/arXiv.2208.07200$$DView paper in arXiv$$Hfree_for_read</backlink><backlink>$$Uhttps://doi.org/10.4230/LIPIcs.ECOOP.2023.19$$DView published paper (Access to full text may be restricted)$$Hfree_for_read</backlink></links><search><creatorcontrib>Maksimović, Petar</creatorcontrib><creatorcontrib>Cronjäger, Caroline</creatorcontrib><creatorcontrib>Lööw, Andreas</creatorcontrib><creatorcontrib>Sutherland, Julian</creatorcontrib><creatorcontrib>Gardner, Philippa</creatorcontrib><title>Exact Separation Logic (Extended Version)</title><title>arXiv.org</title><description>Over-approximating (OX) program logics, such as separation logic (SL), are used for verifying properties of heap-manipulating programs: all terminating behaviour is characterised, but established results and errors need not be reachable. OX function specifications are thus incompatible with true bug-finding supported by symbolic execution tools such as Pulse and Pulse-X. In contrast, under-approximating (UX) program logics, such as incorrectness separation logic, are used to find true results and bugs: established results and errors are reachable, but there is no mechanism for understanding if all terminating behaviour has been characterised. We introduce exact separation logic (ESL), which provides fully-verified function specifications compatible with both OX verification and UX true bug-funding: all terminating behaviour is characterised, and all established results and errors are reachable. We prove soundness for ESL with mutually recursive functions, demonstrating, for the first time, function compositionality for a UX logic. We show that UX program logics require subtle definitions of internal and external function specifications compared with the familiar definitions of OX logics. We investigate the expressivity of ESL and, for the first time, explore the role of abstraction in UX reasoning by verifying abstract ESL specifications of various data-structure algorithms. In doing so, we highlight the difference between abstraction (hiding information) and over-approximation (losing information). Our findings demonstrate that, expectedly, abstraction cannot be used as freely in UX logics as in OX logics, but also that it should be feasible to use ESL to provide tractable function specifications for self-contained, critical code, which would then be used for both verification and true bug-finding.</description><subject>Algorithms</subject><subject>Approximation</subject><subject>Computer Science - Logic in Computer Science</subject><subject>Computer Science - Programming Languages</subject><subject>Errors</subject><subject>Logic</subject><subject>Reasoning</subject><subject>Recursive functions</subject><subject>Semantics</subject><subject>Separation</subject><subject>Specifications</subject><subject>Verification</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GOX</sourceid><recordid>eNotj0tLw0AUhQdBsNT-AFcG3NhF6r13MpmZpZT4gIALi9swmYekaBInqcR_b2xdHTh8HM7H2BXCJlNCwJ2JU_O9IQK1AUkAZ2xBnGOqMqILthqGPQBQLkkIvmDrYjJ2TF59b6IZm65Nyu69scltMY2-dd4lbz4Oc7--ZOfBfAx-9Z9LtnsodtuntHx5fN7el6nRAlKUzkj0jqMUkFuJqHPtnCBf11rwkNeWBy8x6IwyFWoUmHGpNJENynLNl-z6NHv0qPrYfJr4U_35VEefmbg5EX3svg5-GKt9d4jt_KkiCRxVrpH4L4JcSuM</recordid><startdate>20230830</startdate><enddate>20230830</enddate><creator>Maksimović, Petar</creator><creator>Cronjäger, Caroline</creator><creator>Lööw, Andreas</creator><creator>Sutherland, Julian</creator><creator>Gardner, Philippa</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PTHSS</scope><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20230830</creationdate><title>Exact Separation Logic (Extended Version)</title><author>Maksimović, Petar ; Cronjäger, Caroline ; Lööw, Andreas ; Sutherland, Julian ; Gardner, Philippa</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a950-17da71ed317506c711969dd52ebb953f6bc3fe71f94248fb1514378922cf8c393</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Algorithms</topic><topic>Approximation</topic><topic>Computer Science - Logic in Computer Science</topic><topic>Computer Science - Programming Languages</topic><topic>Errors</topic><topic>Logic</topic><topic>Reasoning</topic><topic>Recursive functions</topic><topic>Semantics</topic><topic>Separation</topic><topic>Specifications</topic><topic>Verification</topic><toplevel>online_resources</toplevel><creatorcontrib>Maksimović, Petar</creatorcontrib><creatorcontrib>Cronjäger, Caroline</creatorcontrib><creatorcontrib>Lööw, Andreas</creatorcontrib><creatorcontrib>Sutherland, Julian</creatorcontrib><creatorcontrib>Gardner, Philippa</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>Engineering Collection</collection><collection>arXiv Computer Science</collection><collection>arXiv.org</collection><jtitle>arXiv.org</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Maksimović, Petar</au><au>Cronjäger, Caroline</au><au>Lööw, Andreas</au><au>Sutherland, Julian</au><au>Gardner, Philippa</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Exact Separation Logic (Extended Version)</atitle><jtitle>arXiv.org</jtitle><date>2023-08-30</date><risdate>2023</risdate><eissn>2331-8422</eissn><abstract>Over-approximating (OX) program logics, such as separation logic (SL), are used for verifying properties of heap-manipulating programs: all terminating behaviour is characterised, but established results and errors need not be reachable. OX function specifications are thus incompatible with true bug-finding supported by symbolic execution tools such as Pulse and Pulse-X. In contrast, under-approximating (UX) program logics, such as incorrectness separation logic, are used to find true results and bugs: established results and errors are reachable, but there is no mechanism for understanding if all terminating behaviour has been characterised. We introduce exact separation logic (ESL), which provides fully-verified function specifications compatible with both OX verification and UX true bug-funding: all terminating behaviour is characterised, and all established results and errors are reachable. We prove soundness for ESL with mutually recursive functions, demonstrating, for the first time, function compositionality for a UX logic. We show that UX program logics require subtle definitions of internal and external function specifications compared with the familiar definitions of OX logics. We investigate the expressivity of ESL and, for the first time, explore the role of abstraction in UX reasoning by verifying abstract ESL specifications of various data-structure algorithms. In doing so, we highlight the difference between abstraction (hiding information) and over-approximation (losing information). Our findings demonstrate that, expectedly, abstraction cannot be used as freely in UX logics as in OX logics, but also that it should be feasible to use ESL to provide tractable function specifications for self-contained, critical code, which would then be used for both verification and true bug-finding.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><doi>10.48550/arxiv.2208.07200</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | EISSN: 2331-8422 |
| ispartof | arXiv.org, 2023-08 |
| issn | 2331-8422 |
| language | eng |
| recordid | cdi_arxiv_primary_2208_07200 |
| source | Freely Accessible Journals; arXiv.org |
| subjects | Algorithms Approximation Computer Science - Logic in Computer Science Computer Science - Programming Languages Errors Logic Reasoning Recursive functions Semantics Separation Specifications Verification |
| title | Exact Separation Logic (Extended Version) |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-18T05%3A43%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Exact%20Separation%20Logic%20(Extended%20Version)&rft.jtitle=arXiv.org&rft.au=Maksimovi%C4%87,%20Petar&rft.date=2023-08-30&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2208.07200&rft_dat=%3Cproquest_arxiv%3E2703186912%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2703186912&rft_id=info:pmid/&rfr_iscdi=true |