Abstract: We investigate the complexity consequences of adding pointer arithmetic to separation logic. Specifically, we study extensions of the points-to fragment of symbolic-heap separation logic with various forms of Presburger arithmetic constraints. Most significantly, we find that, even in the minimal case when we allow only conjunctions of simple "difference constraints" x′ ≤ x ± k (where k is an integer), polynomial-time decidability is already impossible: satisfiability becomes NP-complete, while quantifier-fre…
“…Partitioning analysis: Based on the base-offset pointer analysis above, we define in Section 5.3 a new analysis that computes for each pointer expression an abstract location that collects a finite set of slices of symbolic blocks, i.e., the abstraction is a partial mapping from the program's variables to sets of intervals representing offsets in the block. With this analysis, the abstract location computed for outArr+i (at line 39 of sort4, call in Figure 3 (b)) is more precise, i.e., {df → {[5,7], [0,0]}}, and it allows one to prove the post-condition for sort4. Notice that the analysis computes a finite set of slices in symbolic blocks whose concretizations (sets of locations) are pairwise disjoint.…”
Section: A Motivating Example (mentioning)
confidence: 99%
“…. , df· [7]}. Given a cell-path c, we denote by r(c) the range of offsets (in bytes) that correspond to the path and which is computed using ABI.…”
Section: Partitioning By Cells (C) (mentioning)
confidence: 99%
“…For C programs with pointers, DV has been boosted by the usage of Separation Logic [29], which leads to compact proofs due to the local reasoning allowed by the separating conjunction operator. However, for programs with low-level operations on pointers (e.g., pointer arithmetic and casting), this approach is actually limited by the theoretical results on the fragment of separation logic employed [7] and on the availability of solvers. Therefore, this class of programs is most commonly dealt with using classic approaches based on memory models à la Burstall-Bornat [9,6], which may be adapted to be sound in the presence of low-level operations [31] and dynamic allocation [36].…”
Cooperation between verification methods is crucial to tackle the challenging problem of software verification. The paper focuses on the verification of C programs using pointers, and it formalizes a cooperation between static analyzers doing pointer analysis and a deductive verification tool based on first-order logic. We propose a framework based on memory models that captures the partitioning of memory inferred by pointer analyses and complies with the memory models used to generate verification conditions. The framework guided us to propose a pointer analysis that accommodates various low-level operations on pointers while providing precise information about memory partitioning to the deductive verification. We implemented this cooperation inside the Frama-C platform and we show its effectiveness in reducing the task of deductive verification on a complex case study.
“…Since the birth of separation logics, there has been a lot of interest in the study of decidability and computational complexity issues, see e.g. [3,10,11,7,15,31], and comparatively a bit less attention to the design of proof systems, and even less with the puristic approach that consists in discarding any external feature such as nominals or labels in the calculi. The well-known advantages of such an approach include an exhaustive understanding of the expressive power of the logic and discarding the use of any external artifact referring to semantical objects.…”
We present a general approach to axiomatise separation logics with heaplet semantics with no external features such as nominals/labels. To start with, we design the first (internal) Hilbert-style axiomatisation for the quantifier-free separation logic SL(*, −*). We instantiate the method by introducing a new separation logic with essential features: it is equipped with the separating conjunction, the predicate ls, and a natural guarded form of first-order quantification. We apply our approach for its axiomatisation. As a by-product of our method, we also establish the exact expressive power of this new logic and we show PSpace-completeness of its satisfiability problem.