Automating Separation Logic Using SMT

Piskač, Ružica; Wies, Thomas; Zufferey, Damien

doi:10.1007/978-3-642-39799-8_54

Cited by 105 publications

(120 citation statements)

References 39 publications

Supporting

Mentioning

120

Contrasting

Order By: Relevance

“…If one of the disjuncts is satisfied, so is Q. We remark that as the base formulas do not contain any occurrences of inductive predicates, their satisfiability is decidable [23,17]. We generate the base formulas for each inductive predicate by: (i) constructing a cyclic unfolding tree and (ii) extracting base formulas from the leaf nodes in the tree.…”

Section: Overview and Illustrationmentioning

confidence: 99%

“…In terms of decision procedures supporting inductive predicates and arithmetic, GRASShoper [23] and Asterix [22] are among the first decision procedures where shape definitions are restricted to linked lists. The decidable fragments have been recently widened in extended GRASShoper [24], CompSPEN [12], S2SATSL [17], [18] and [29].…”

Section: Related Workmentioning

confidence: 99%

“…A decision procedure for satisfiability of separation logic with inductive predicates could be useful for multiple analysis problems associated with heapmanipulating programs, e.g., compositional verification [8,26,19], shape analysis [15], termination analysis [6] as well as to uncover reachability in bug finding tools [17]. It has been shown that the satisfiability of the fragment of separation logic which does not include inductive (user-defined) predicates is decidable [7,23,22,17]. The main challenge on satisfiability checking of separation logic with inductive predicates is that it often requires reasoning about infinite heaps as well as infinite integer domain.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic

Tatsuta

Sun

et al. 2017

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. We consider the satisfiability problem for a fragment of separation logic including inductive predicates with shape and arithmetic properties. We show that the fragment is decidable if the arithmetic properties can be represented as semilinear sets. Our decision procedure is based on a novel algorithm to infer a finite representation for each inductive predicate which precisely characterises its satisfiability. Our analysis shows that the proposed algorithm runs in exponential time in the worst case. We have implemented our decision procedure and integrated it into an existing verification system. Our experiment on benchmarks shows that our procedure helps to verify the benchmarks effectively.

show abstract

Section: Overview and Illustrationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic

Tatsuta

Sun

et al. 2017

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…For instance, early proposals fixed the set of shape predicates that may be used, for example, to linked lists (in SeLoger [17,23], and SLLB [34]) or trees (GRIT [36]). There are few approaches supporting user-defined predicates [14,39,25].…”

Section: Introductionmentioning

confidence: 99%

Satisfiability Modulo Heap-Based Programs

Sun

Chin

2016

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. In this work, we present a semi-decision procedure for a fragment of separation logic with user-defined predicates and Presburger arithmetic. To check the satisfiability of a formula, our procedure iteratively unfolds the formula and examines the derived disjuncts. In each iteration, it searches for a proof of either satisfiability or unsatisfiability. Our procedure is further enhanced with automatically inferred invariants as well as detection of cyclic proof. We also identify a syntactically restricted fragment of the logic for which our procedure is terminating and thus complete. This decidable fragment is relatively expressive as it can capture a range of sophisticated data structures with non-trivial pure properties, such as size, sortedness and near-balanced. We have implemented the proposed solver and a new system for verifying heap-based programs. We have evaluated our system on benchmark programs from a software verification competition.

show abstract

“…To mention a few, in verification, SMT solvers have been used for device driver verification [5,34], checking complex verification conditions [22,38,48], and improving precision of invariant generation [33,45]; in testing and bug finding, they have been instrumental in making symbolic execution [15,26], fuzzing [28], and bounded model checking techniques [18,24] practical; in program synthesis, they have been used to search for programs satisfying a given specification [30,58]; in functional programming, they have been used to support strong typing guarantees with refinement types [12,52].…”

Section: Introductionmentioning

confidence: 99%

Symbolic optimization with SMT solvers

Albarghouthi

Kincaid

et al. 2014

Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

101

View full text Add to dashboard Cite

The rise in efficiency of Satisfiability Modulo Theories (SMT) solvers has created numerous uses for them in software verification, program synthesis, functional programming, refinement types, etc. In all of these applications, SMT solvers are used for generating satisfying assignments (e.g., a witness for a bug) or proving unsatisfiability/validity (e.g., proving that a subtyping relation holds). We are often interested in finding not just an arbitrary satisfying assignment, but one that optimizes (minimizes/maximizes) certain criteria. For example, we might be interested in detecting program executions that maximize energy usage (performance bugs), or synthesizing short programs that do not make expensive API calls. Unfortunately, none of the available SMT solvers offer such optimization capabilities.In this paper, we present SYMBA, an efficient SMT-based optimization algorithm for objective functions in the theory of linear real arithmetic (LRA). Given a formula ϕ and an objective function t, SYMBA finds a satisfying assignment of ϕ that maximizes the value of t. SYMBA utilizes efficient SMT solvers as black boxes. As a result, it is easy to implement and it directly benefits from future advances in SMT solvers. Moreover, SYMBA can optimize a set of objective functions, reusing information between them to speed up the analysis. We have implemented SYMBA and evaluated it on a large number of optimization benchmarks drawn from program analysis tasks. Our results indicate the power and efficiency of SYMBA in comparison with competing approaches, and highlight the importance of its multi-objective-function feature.

show abstract

Automating Separation Logic Using SMT

Cited by 105 publications

References 39 publications

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic

A Decidable Fragment in Separation Logic with Inductive Predicates and Arithmetic

Satisfiability Modulo Heap-Based Programs

Symbolic optimization with SMT solvers

Contact Info

Product

Resources

About