Andreas Lööw, Daniele Nantes-Sobrinho, Sacha-Élie Ayoun, Caroline Cronjäger, Petar Maksimović, Philippa Gardner
Compositional Symbolic Execution for Correctness and Incorrectness Reasoning (Extended Version)
arXiv:2407.10838, arXiv - CS - Programming Languages, published 2024-07-15
Citations: 0
Abstract
The introduction of separation logic has led to the development of
symbolic-execution techniques and tools that are (functionally) compositional
with function specifications that can be used in broader calling contexts. Many
of the compositional symbolic-execution tools developed in academia and
industry have been grounded on a formal foundation, but either the function
specifications are not validated with respect to the underlying separation logic of
the theory, or there is a large gulf between the theory and the tool
implementation. We introduce a formal compositional symbolic-execution engine which creates
and uses function specifications from an underlying separation logic and
provides a sound theoretical foundation partially inspired by the Gillian
symbolic-execution platform. This is achieved by providing an axiomatic
interface which describes the properties of the consume and produce operations
used in the engine to compositionally update the symbolic state, including
when calling function specifications -- a technique used by VeriFast, Viper,
and Gillian but not previously characterised independently of the tool. We
give consume and produce operations, inspired by the Gillian implementation,
that satisfy the properties described by our axiomatic interface. A surprising
property of our engine semantics is its ability to underpin both correctness
and incorrectness reasoning, with the primary distinction being the choice
between satisfiability and validity. We use this property to extend the Gillian
platform, which previously only supported correctness reasoning, with
incorrectness reasoning and automatic true bug-finding using incorrectness
bi-abduction. We evaluate our new Gillian platform through instantiation to C.
This instantiation is the first tool grounded on a common formal compositional
symbolic-execution engine to support both correctness and incorrectness
reasoning.