Satisfiability Modulo Heap-Based Programs
نویسندگان
چکیده
In this work, we present a semi-decision procedure for a fragment of separation logic with user-defined predicates and Presburger arithmetic. To check the satisfiability of a formula, our procedure iteratively unfolds the formula and examines the derived disjuncts. In each iteration, it searches for a proof of either satisfiability or unsatisfiability. Our procedure is further enhanced with automatically inferred invariants as well as detection of cyclic proof. We also identify a syntactically restricted fragment of the logic for which our procedure is terminating and thus complete. This decidable fragment is relatively expressive as it can capture a range of sophisticated data structures with non-trivial pure properties, such as size, sortedness and near-balanced. We have implemented the proposed solver and a new system for verifying heap-based programs. We have evaluated our system on benchmark programs from a software verification competition.
منابع مشابه
Verifying Heap-Manipulating Programs in an SMT Framework
Automated software verification has made great progress recently, and a key enabler of this progress has been the advances in efficient, automated decision procedures suitable for verification (Boolean satisfiability solvers and satisfiability-modulo-theories (SMT) solvers). Verifying general software, however, requires reasoning about unbounded, linked, heap-allocated data structures, which in...
متن کاملConstraint-Based Program Reasoning with Heaps and Separation
This paper introduces a constraint language H for finite partial maps (a.k.a. heaps) that incorporates the notion of separation from Separation Logic. We use H to build an extension of Hoare Logic for reasoning over heap manipulating programs using (constraint-based) symbolic execution. We present a sound and complete algorithm for solving quantifier-free (QF) H-formulae based on heap element p...
متن کاملA Constraint Solver for Heaps with Separation
This paper introduces a constraint language H for finite partial maps (a.k.a. heaps) that incorporates the notion of separation from Separation Logic. The motivation behind H is reasoning over heap manipulating programs using constraint-based symbolic execution. For this we present a modest extension of Hoare Logic that inherits many of the benefits from Separation Logic, such as local reasonin...
متن کاملSeparation Logic Modulo Theories
Logical reasoning about program behaviours often requires dealing with heap structures as well as scalar data types. Advances in Satisfiability Modulo Theories (SMT) offer efficient procedures for dealing with scalar values, yet they lack expressive support for dealing with heap structures. In this paper, we present an approach that integrates separation logic—a prominent logic for reasoning ab...
متن کاملSoftware Model Checking the Precision of Floating-Point Programs
Software model checking has recently been successful in discovering bugs in production software. Most tools have targeted heap related programming mistakes and controlheavy programs. However, real-time and embedded controllers implemented in software are susceptible to computational numeric instabilities. In this work, we target numerical programs implemented using the IEEE 754 floating-point s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016