Formal Foundations for Translational Separation Logic Verifiers (extended version)

arXiv - CS - Programming Languages Pub Date : 2024-07-29 DOI:arxiv-2407.20002

Thibault DardinierETH Zurich, Michael SammlerETH Zurich, Gaurav ParthasarathyETH Zurich, Alexander J. SummersUniversity of British Columbia, Peter MüllerETH Zurich

{"title":"Formal Foundations for Translational Separation Logic Verifiers (extended version)","authors":"Thibault DardinierETH Zurich, Michael SammlerETH Zurich, Gaurav ParthasarathyETH Zurich, Alexander J. SummersUniversity of British Columbia, Peter MüllerETH Zurich","doi":"arxiv-2407.20002","DOIUrl":null,"url":null,"abstract":"Program verification tools are often implemented as front-end translations of\nan input program into an intermediate verification language (IVL) such as\nBoogie, GIL, Viper, or Why3. The resulting IVL program is then verified using\nan existing back-end verifier. A soundness proof for such a translational\nverifier needs to relate the input program and verification logic to the\nsemantics of the IVL, which in turn needs to be connected with the verification\nlogic implemented in the back-end verifiers. Performing such proofs is\nchallenging due to the large semantic gap between the input and output programs\nand logics, especially for complex verification logics such as separation\nlogic. This paper presents a formal framework for reasoning about translational\nseparation logic verifiers. At its center is a generic core IVL that captures\nthe essence of different separation logics. We define its operational semantics\nand formally connect it to two different back-end verifiers, which use symbolic\nexecution and verification condition generation, resp. Crucially, this\nsemantics uses angelic non-determinism to enable the application of different\nproof search algorithms and heuristics in the back-end verifiers. An axiomatic\nsemantics for the core IVL simplifies reasoning about the front-end translation\nby performing essential proof steps once and for all in the equivalence proof\nwith the operational semantics rather than for each concrete front-end\ntranslation. We illustrate the usefulness of our formal framework by instantiating our\ncore IVL with elements of Viper and connecting it to two Viper back-ends as\nwell as a front-end for concurrent separation logic. All our technical results\nhave been formalized in Isabelle/HOL, including the core IVL and its semantics,\nthe semantics of two back-ends for a subset of Viper, and all proofs.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Programming Languages","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2407.20002","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Program verification tools are often implemented as front-end translations of an input program into an intermediate verification language (IVL) such as Boogie, GIL, Viper, or Why3. The resulting IVL program is then verified using an existing back-end verifier. A soundness proof for such a translational verifier needs to relate the input program and verification logic to the semantics of the IVL, which in turn needs to be connected with the verification logic implemented in the back-end verifiers. Performing such proofs is challenging due to the large semantic gap between the input and output programs and logics, especially for complex verification logics such as separation logic. This paper presents a formal framework for reasoning about translational separation logic verifiers. At its center is a generic core IVL that captures the essence of different separation logics. We define its operational semantics and formally connect it to two different back-end verifiers, which use symbolic execution and verification condition generation, resp. Crucially, this semantics uses angelic non-determinism to enable the application of different proof search algorithms and heuristics in the back-end verifiers. An axiomatic semantics for the core IVL simplifies reasoning about the front-end translation by performing essential proof steps once and for all in the equivalence proof with the operational semantics rather than for each concrete front-end translation. We illustrate the usefulness of our formal framework by instantiating our core IVL with elements of Viper and connecting it to two Viper back-ends as well as a front-end for concurrent separation logic. All our technical results have been formalized in Isabelle/HOL, including the core IVL and its semantics, the semantics of two back-ends for a subset of Viper, and all proofs.

查看原文本刊更多论文

翻译分离逻辑验证器的形式基础（扩展版）

程序验证工具通常是将输入程序前端翻译成中间验证语言（IVL），如 Boogie、GIL、Viper 或 Why3。然后使用现有的后端验证器来验证生成的 IVL 程序。这种翻译验证器的合理性证明需要将输入程序和验证逻辑与 IVL 的语义联系起来，而 IVL 的语义又需要与后端验证器中实现的验证逻辑联系起来。由于输入和输出程序与逻辑之间存在巨大的语义差距，特别是对于复杂的验证逻辑（如分离逻辑），进行这样的证明非常具有挑战性。本文提出了一个用于推理转换分离逻辑验证器的形式框架。其核心是一个通用核心 IVL，它抓住了不同分离逻辑的本质。我们定义了它的操作语义，并将其正式连接到两个不同的后端验证器，这两个验证器分别使用符号执行和验证条件生成。最重要的是，这个语义使用了天使非决定论，以便在后端验证器中应用不同的验证搜索算法和启发式算法。核心 IVL 的公理化语义简化了对前端翻译的推理，因为它可以在与运算语义的等价性证明中一次性执行基本的证明步骤，而不是针对每个具体的前端翻译。我们用 Viper 的元素实例化了我们的核心 IVL，并将其连接到两个 Viper 后端以及并发分离逻辑的前端，从而说明了我们的形式框架的实用性。我们的所有技术成果都已在 Isabelle/HOL 中形式化，包括核心 IVL 及其语义、Viper 子集的两个后端语义以及所有证明。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv - CS - Programming Languages

自引率

0.00%

发文量

文献相关原料

公司名称	产品信息	采购帮参考价格