An Abstract Separation Logic for Interlinked Extensible Records

values v♯ can now contain basic values, abstract locations h (which can be summary nodes k or precise abstract locations l), the special nil, and the special abstraction ⊠. We update the definition of domain and codomain of membranes as expected: dom (h → h1 +...+ hn) = {h} codom (h → h1 +...+ hn) = {h1,... , hn} dom (νh) = ∅ codom (νh) = {h} dom (M) = ⋃ m∈M dom (m) codom (M) = ⋃ m∈M codom (m) As renamings can now map an abstract location to several abstract locations, substitutions M (φ) can now duplicate memory cells: {k → k1 + k2} (k ↦ {o}) = k1 ↦ {o [k1 ⊔ k2/k]}⋆ k2 ↦ {o [k1 ⊔ k2/k]}. There are two basic operations on summary locations: summarizations and materializations. These two operations rename abstract locations, thus changing the scope of formulae: membranes are a crucial point for their soundness in accordance to their interaction with the frame rule. Let us first only consider an inner formula φ. The summarization consists in merging abstract locations h1, ..., hn into a single new summary node k. Figures ?? and ?? picture two examples of summarizations, respectively of two summary nodes, and of an abstract location. It allows to loose information about the structure of h1, ..., hn; typically to get a loop invariant. In order to perform a summarization, we need to have in the considered inner formula φ the explicit definition of all these abstract locations: it is not possible to summarize l and l′ in the formula l ↦ {f ∶ l′, _ ∶ ⊠} as we do not have access to the resource l′. Let us thus suppose that the formula φ is of the form h1 ↦ {o1} ⋆ ... ⋆ hn ↦ {on} ⋆ φ′. The summarization of h1, ..., hn into k, provided that k does not appear in φ, is the following formula. (h1 → k,... , hn → k∣ (k ↦ {o1} ⊔ ... ⊔ {on} ⋆ φ′) [k/h1]... [k/hn]) We have merged all the statements about h1, ..., hn, replaced in the current context φ′ and the merged abstract object these abstract locations by k, and left a notice in the form of a membrane for additionnal contexts added by the frame rule about the operation which took place. The materialization follows the same scheme, pictured in figure ??. Given an entry point to a summary node k—either on the form of a variable x =̇ k or a location l ↦ {f ∶ k, ...}—we can rewrite a summary location into a single location (pointed by the entry point) and another summary node, representing the rest of the concrete locations previously present. Indeed, we know that k cannot represent an empty set of locations, and we would like to split it into the exact location l′ accessed by our entry point, and the rest k′ of the other locations. This operation allows to perform strong updates on these precise values. The materialization of k into l′ and k′ through