33 (2016 ) Brotherston We implement a semi-automated prover for implicational formulas (entailments) of the separation logic including inductive predicate definitions, toward automation of program verification by separation logic. More specifically, we use cyclic proof system, proposed by Brotherston et al., to construct proof. In cyclic proof system, we allow proof trees to contain cycles under a specific condition and prove entailments including inductive predicates. We must unfold inductive predicates in accordance with their definition. In a naïve way, the number of applicable inference rules increases explosively. For pruning, we restricted the selection method of predicates to be unfolded and the order of applications of the inference rules. Based on the above idea, we implemented an automated prover searching for a proof. We automatically proved several entailments with inductive predicates by using the prover implemented in this paper. Besides we let the prover output proof trees as LATEX code if the entailment is provable, and we visualized the proofs found by proof search. 1 [6] Hoare triple ϕ C Semi-automated Entailment Checker by Cyclic Proofs for Separation Logic with Inductive Predicates. Sosuke Nakada and Koji Nakazawa,, Dept. of Information Engineering, Graduate School of Information Science, Nagoya University. ψ {ϕ}c{ψ} ϕ ψ ϕ 1 = ϕ 2 ϕ 1 = ϕ 2 ϕ 1 ϕ 2 entailment ϕ 1 = ϕ 2 Brotherston [2][3]
2 3 4 5 4 6 2 t, t 1, t 2,... x, y, z,... nil Vars symbolic heap Π ::= t = t t t Π Π Σ ::= emp t ( t) Σ Σ P( t) ϕ ::= Π Σ P P n P( t) = z i.ϕ i z i = FV(ϕ i ) t i=0 z.ϕ i P I I P Q I Q nil 0 nil 0 Val := N Locs := N\{0} (s, h) s Val h Stores := Vars Val Heaps := Locs f in Val n s(nil) = 0 Val h Dom(h) h 1 h 2 h = h 1 + h 2 Dom(h 1 ) Dom(h 2 ) = h n Dom(h 1 ) h(n) = h 1 (n) n Dom(h 2 ) h(n) = h 2 (n) (s, h) ϕ s, h = ϕ s, h = t 1 = t 2 iff s(t 1 ) = s(t 2 ) s, h = t 1 t 2 iff s(t 1 ) s(t 2 ) s, h = Π 1 Π 2 iff s, h = Π 1 s, h = Π 2 n 1
s, h = emp iff Dom(h) = s, h = t ( t) iff Dom(h) = {s(t)} h(s(t)) = s( t) s, h = Σ 1 Σ 2 iff h 1, h 2 (h = h 1 + h 2 s, h 1 = Σ 1 s, h 2 = Σ 2 ) s, h = P( t) iff n(s, h = P n ( t)) s, h = P 0 ( t) s, h = P k+1 ( t) iff P z.ϕ i n s[ z := n], h = ϕ i [P := P k ]( t) s, h = Π Σ iff s, h = Π s, h = Σ ϕ 1 = ϕ 2 (s, h) s, h = ϕ 1 s, h = ϕ 2 3 ϕ 1, ϕ 2 ϕ 1 = ϕ 2 ϕ 1 ϕ 2 Π 1 emp Σ 1 Π 2 Σ 2 Π 1 Σ 1 Π 2 Σ 2 Π 1 Σ 1 Π 2 emp Σ 2 Π 1 Σ 1 Π 2 Σ 2 (Π 1 Σ 1 Π 2 Σ 2 )[t 2 := t 1 ] t 1 = t 2 Π 1 Σ 1 Π 2 Σ 2 (empl) (empr) (=L) Π 1 Σ 1 Π 2 Σ 2 t 1 t 2 Π 1 Σ 1 is UNS AT (=R) Π 1 Σ 1 t 1 = t 2 Π 2 Σ 2 Π 1 Σ 1 Π 2 Σ 2 t 1 = t 2 Π 1 Σ 1 is UNS AT (=/R) Π 1 Σ 1 t 1 t 2 Π 2 Σ 2 Π 1 emp emp (Id) Π Σ 1 Σ 2 Π Σ Σ 1 Σ Σ 2 Π ϕ 1 θ Σ 1 [ t := xθ] Σ 2 [ t := xθ] Π ϕ n θ Σ 1 [ t := xθ] Σ 2 [ t := xθ] Π P( t) Σ 1 Σ 2 Π Σ 1 ϕ i [ z := y] Σ 2 Π Σ 1 P( t) Σ 2 (UnfRP i ) (UnfLP) (P Id) (UnfLP) θ = [ z := y] y fresh (UnfLP) (UnfRP i ) n P P( t) = z i.ϕ i i=1 (Id) (P Id) (empl) (empr) [2] (Id) ( ) (empl) (empr) (Id) (UnfLP) (UnfRP i ) ls(x, y) = x = y emp (ϕ 1 ) x.x x ls(x, y) (ϕ 2 ) 1 ls(x, x ) ls(x, y) ls(x, y) trace 1 ls(x, x ) ls(z, x ) ls(z, x ) ls(x, x ) [2] Γ 1 Γ 1 Γ 2 Γ 2 θ.(γ 1 Γ 1 )θ = Γ 2 Γ 2 Γ 1, Γ 2 P P (UnfLP) 1 ls(x, x ) ls(z, x ) (UnfLls) ls(x, x ) ls(x, y) ls(x, y)
emp emp (Id) (P Id) ls(z, x ) ls(x, y) ls(z, y) emp ls(x, y) emp ls(x, y) (empr) emp ls(x, y) ls(x, y) x = x emp ls(x, y) ls(x, y) (=L) x z ls(z, x ) ls(x (P Id), y) x z ls(x, y) x z ls(z, x ) ls(x (UnfRls 2 ), y) ls(x, y) ls(x, x ) ls(x (UnfLls), y) ls(x, y) 1 [2] global trace condition [2] [2] ϕ 1 ϕ 2 ϕ 1 = ϕ 2 4 J I 3 emp (empl) (empr) 4. 1 Π 1 Σ 1 Π 2 Σ 2 3 Π 1 Σ 1 Σ 2 Π 1 t 1 = t 2 (=R) (=/ R) Π 1 Σ 1 Π Π 1 Σ 1 Π Π 2 Σ 2 (=L) (=R) (=/ R) 4. 2 2 J J P i P i α (UnfLP) π α π 0 α π 1 (UnfLP) π 0 (Downlink) α > n > π θ.α n = (ϕ 1 ϕ 3 )[θ] ϕ 2 matches ϕ 3 (α, π, ϕ 1 ϕ 2 ) (Downlink) matches [2] augmented sequents J 1 q L, q R f L q L, q R 1 f L f L q L, q R q R, q L q q (UnfLP) (UnfRP i ) (UnfRP i ) i q 2 q L q L q R
q R (UnfLP) f L (UnfRP i ) f L q L = [P 1 ; P 2 ; Q 3 ], q R = [P 4 ; Q 5 ] P 2 q L = [P 1 ; Q 3 ; P 2 ], q R = [P 4 ; Q 5 ] f L q L, q R 3 ls ls2(x, y) = x = y emp x, x.x x x x ls(x, y) ls2 ls2(x, y) ls(x, y) q L, q R (UnfLP) dmax d J, α, π, q L, q R, f L, d 4. 3 (UnfRP i ) (UnfLP) (UnfRP i ) (UnfLP) (UnfRP i ) P z.ϕ i = z.x ( y) ϕ i v x ( v) y v z x ( y) ϕ i z (UnfRP i ) x ( v) x ( y) x ( y) (P Id) x ( y) x ( v) (UnfRP i ) 4. 4 J α = [], π = 0, q L = [], q R = [], f L =, c = 0 [] (Id), (P Id), (Downlink), (UnfLP) (UnfRP i ) (UnfLP) (UnfRP i ) c > cmax (UnfRP i ) (Id) (Downlink) 5 5. 1 4 OCaml 1 2 dmax 4 10
[4] DELL optiplex 9020, Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz 3.60GHz 8GB 1600MHz DDR SDRAM OS Windows 10 Pro VMware(R) Workstation 12 Player 12.1.0 build-3272444 Ubuntu 15.04 64 RAM 2GB, 2 OCaml version 4.01.0 5 1/10 L A TEX 5. 2 2 3 d = 4 2 d = 10 d = 4 2 1,4 2,3 A 5. 3 4 2 4 d = 10 3 d max = 10 d max [2] ( ) d max d max = 4 3 1,5 d max = 4 d max = 10 2,3,4 1,5 d max 6 6. 1 6. 2 [1] [2][3][5] [2][3] [5] [2][3] [5] [2] [3]
1 ls ls(x, y) = x = y emp x.x x ls(x, y) lse/lso lse(x, y) = x = y emp x.x x lso(x, y) lso(x, y) = x.x x lse(x, y) DLL DLL(a, b, c, d) = a = b c = d emp x.a (x, d) DLL(x, b, c, a) 2 1 ls(x, y) ls(y, z) ls(x, z) 2 lso(x, y) lso(y, z) lse(x, z) 3 lso(x, y) lse(y, z) lso(x, z) 4 lse(x, y) lse(y, z) lse(x, z) 5 DLL(x 5, x 2, x 3, x 6 ) DLL(x 1, x 5, x 6, x 4 ) DLL(x 1, x 2, x 3, x 4 ) 3 d d = 4 d = 10 1 3 4 2 4 7 3 0 22 4 6 43 5 22 21 [1] Antonopoulos, T., Gorogiannis, N., Haase, C., Kanovich, M., and Ouaknine, J.: Foundations for decision problems in separation logic with general inductive predicates, International Conference on Foundations of Software Science and Computation Structures, Springer Berlin Heidelberg, 2014, pp. 411 425.
2 3 1 d = 4 3 3 4 d = 4 4 3 4 d = 10 [2] Brotherston, J., Distefano, D. and Petersen, R. L.: Automated cyclic entailment proofs in separation logic, Automated Deduction (CADE-23), Springer, 2011, pp. 131-146. [3] Brotherston, J., Gorogiannis, N. and Petersen, R. L.: A generic cyclic theorem prover, Programming Languages and Systems, Springer, 2012, pp. 350-367. [4] Brotherston, J., Fuhs, C., Pérez, J. A. N., and Gorogiannis, N.: A decision procedure for satisfiability in separation logic with inductive predicates, Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), ACM, 2014, p. 25. [5] Iosif, R., Rogalewicz, A. and Vojnar, T.: Deciding entailments in inductive separation logic with tree automata, Automated Technology for Verification and Analysis, Springer, 2014, pp. 201-218. [6] Reynolds, J. C.: Separation logic: A logic for shared mutable data structures, Logic in Computer Science, 2002. Proceedings. 17th Annual IEEE Symposium on, IEEE, 2002, pp. 55-74. A : 5 5 L A TEX 5
5 3 1 d = 10 6 3 2 d = 4 7 3 2 d = 10 8 3 3 d = 4
9 3 3 d = 10 10 3 5 d = 4 11 3 5 d = 10