A Correctness and Incorrectness Program Logic

Impact factor 2.3; CAS Zone 2, Computer Science; JCR Q2, COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Roberto Bruni, Roberto Giacobazzi, Roberta Gori, Francesco Ranzato
Journal of the ACM, Journal Article, published 2023-03-25
DOI: https://dl.acm.org/doi/10.1145/3582267
Citations: 0

Abstract

Abstract interpretation is a well-known and extensively used method to extract over-approximate program invariants by a sound program analysis algorithm. Soundness means that no program errors are lost and it is, in principle, guaranteed by construction. Completeness means that the abstract interpreter reports no false alarms for all possible inputs, but this is extremely rare because it needs a very precise analysis. We introduce a weaker notion of completeness, called local completeness, which requires that no false alarms are produced only relative to some fixed program inputs. Based on this idea, we introduce a program logic, called Local Completeness Logic for an abstract domain A, for proving both the correctness and incorrectness of program specifications. Our proof system, which is parameterized by an abstract domain A, combines over- and under-approximating reasoning. In a provable triple ⊦A [p] 𝖼 [q], 𝖼 is a program, q is an under-approximation of the strongest post-condition of 𝖼 on input p such that their abstractions in A coincide. This means that q is never too coarse, namely, under some mild assumptions, the abstract interpretation of 𝖼 does not yield false alarms for the input p iff q has no alarm. Therefore, proving ⊦A [p] 𝖼 [q] not only ensures that all the alarms raised in q are true ones, but also that if q does not raise alarms, then 𝖼 is correct. We also prove that if A is the straightforward abstraction making all program properties equivalent, then our program logic coincides with O’Hearn’s incorrectness logic, while for any other abstraction, contrary to the case of incorrectness logic, our logic can also establish program correctness.

Source journal: Journal of the ACM (Engineering & Technology - Computer Science: Theory & Methods)
CiteScore: 7.50
Self-citation rate: 0.00%
Articles published: 51
Review time: 3 months
Journal description: The best indicator of the scope of the journal is provided by the areas covered by its Editorial Board. These areas change from time to time, as the field evolves. The following areas are currently covered by a member of the Editorial Board: Algorithms and Combinatorial Optimization; Algorithms and Data Structures; Algorithms, Combinatorial Optimization, and Games; Artificial Intelligence; Complexity Theory; Computational Biology; Computational Geometry; Computer Graphics and Computer Vision; Computer-Aided Verification; Cryptography and Security; Cyber-Physical, Embedded, and Real-Time Systems; Database Systems and Theory; Distributed Computing; Economics and Computation; Information Theory; Logic and Computation; Logic, Algorithms, and Complexity; Machine Learning and Computational Learning Theory; Networking; Parallel Computing and Architecture; Programming Languages; Quantum Computing; Randomized Algorithms and Probabilistic Analysis of Algorithms; Scientific Computing and High Performance Computing; Software Engineering; Web Algorithms and Data Mining