Sufficient Incorrectness Logic: SIL and Separation SIL (2310.18156v3)
Abstract: Sound over-approximation methods have been proved effective for guaranteeing the absence of errors, but they inevitably produce false alarms that can hamper programmers. Conversely, under-approximation methods are aimed at bug finding and are free from false alarms. We introduce Sufficient Incorrectness Logic (SIL), a new under-approximating, triple-based program logic to reason about program errors. SIL is designed to set apart the initial states leading to errors. We prove that SIL is correct and complete for a minimal set of rules, and we study additional rules that can facilitate program analyses. We formally compare SIL to existing triple-based program logics. Incorrectness Logic and SIL both perform under-approximations, but while the former exposes only true errors, the latter locates the set of initial states that lead to such errors. Hoare Logic performs over-approximations and as such cannot capture the set of initial states leading to errors in nondeterministic programs; for deterministic and terminating programs, Hoare Logic and SIL coincide. Finally, we instantiate SIL with Separation Logic formulae (Separation SIL) to handle pointers and dynamic allocation, and we prove its correctness and, for loop-free programs, also its completeness. We argue that in some cases Separation SIL can yield more succinct postconditions and provide stronger guarantees than Incorrectness Separation Logic, and that it can support effective backward reasoning.
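The abstract contrasts three triple-based logics on the question "which initial states lead to an error?". The following Python script is an added illustration, not code from the paper or its authors: it models a program as a relation between initial and final states and checks the three triple validities under the relational readings assumed here (Hoare: every execution from P ends in Q; Incorrectness Logic: every state in Q is reachable from P; SIL: every state in P has at least one execution reaching Q). The two toy programs, the integer domain and the distinguished `err` state are constructed for the example. It shows that on a nondeterministic program no Hoare triple with a non-empty precondition can conclude in the error state, while the SIL precondition is exactly the set of states that may fail, and that on a deterministic terminating program Hoare and SIL validity agree for every choice of P and Q.

```python
"""Worked comparison of Hoare, Incorrectness Logic (IL) and SIL triples.

Constructed example: a program is a finite relation over states, i.e. a set of
(initial_state, final_state) pairs. Nondeterminism is several pairs with the
same initial state; a run that fails ends in the distinguished state ERR.
"""
from itertools import combinations

ERR = "err"  # distinguished error state (constructed for this example)


def subsets(xs):
    """All subsets of a finite collection, as Python sets."""
    xs = list(xs)
    return (set(c) for r in range(len(xs) + 1) for c in combinations(xs, r))


def post(rel, P):
    """Strongest-postcondition view: final states reachable from some state in P."""
    return {t for (s, t) in rel if s in P}


def pre(rel, Q):
    """Existential predecessor: initial states with at least one run ending in Q."""
    return {s for (s, t) in rel if t in Q}


def hoare_valid(rel, P, Q):
    """{P} C {Q}: every run from P ends in Q (over-approximation of post)."""
    return post(rel, P) <= set(Q)


def il_valid(rel, P, Q):
    """[P] C [Q]: every state in Q is reached by some run from P (under-approx of post)."""
    return set(Q) <= post(rel, P)


def sil_valid(rel, P, Q):
    """<P> C <Q>: every state in P has some run reaching Q (under-approx of pre)."""
    return set(P) <= pre(rel, Q)


def nondet_program(domain):
    """Constructed: 'skip [] (if x is even then error)'. Every even x MAY fail."""
    rel = {(x, x) for x in domain}                       # branch 1: skip
    rel |= {(x, ERR) for x in domain if x % 2 == 0}      # branch 2: error on even x
    return rel


def det_program(domain):
    """Constructed, deterministic and terminating: 'if x >= 3 then error else x := x + 1'."""
    return {(x, ERR if x >= 3 else x + 1) for x in domain}


def error_sources(rel):
    """The SIL-style answer: all initial states from which an error is reachable."""
    return pre(rel, {ERR})


def hoare_can_conclude_error(rel, domain):
    """Non-empty preconditions P for which {P} C {err} is a valid Hoare triple."""
    return [P for P in subsets(domain) if P and hoare_valid(rel, P, {ERR})]


def hoare_sil_coincide(rel, domain):
    """Exhaustively check Hoare and SIL validity agree for every P and Q."""
    finals = set(domain) | {ERR}
    return all(hoare_valid(rel, P, Q) == sil_valid(rel, P, Q)
               for P in subsets(domain) for Q in subsets(finals))


if __name__ == "__main__":
    D = range(5)
    nd, det = nondet_program(D), det_program(D)
    print("nondet: states that may fail   ", error_sources(nd))
    print("nondet: SIL <evens> C <err>    ", sil_valid(nd, {0, 2, 4}, {ERR}))
    print("nondet: IL  [{2}]   C [err]    ", il_valid(nd, {2}, {ERR}))
    print("nondet: Hoare P with {P} C {err}", hoare_can_conclude_error(nd, D))
    print("nondet: Hoare/SIL coincide?    ", hoare_sil_coincide(nd, D))
    print("det:    Hoare/SIL coincide?    ", hoare_sil_coincide(det, D))
```

Reading the output against the abstract: `error_sources` is the set SIL is designed to isolate; IL accepts `[{2}] C [err]` because the error is genuinely reachable, but the triple says nothing about the other even states; and the Hoare list is empty because the skip branch means no non-empty P can guarantee reaching the error. Replacing the nondeterministic program with the deterministic one makes Hoare and SIL validity agree on all 2048 (P, Q) pairs over this domain.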