Diagrammatic Reasoning in Separation Logic
Matt Ridsdale (1), Mateja Jamnik (1), Nick Benton (2), Josh Berdine (2)
(1) Computer Laboratory, University of Cambridge
(2) Microsoft Research Cambridge

1. Diagrammatic Reasoning

• The majority of work in automated theorem proving is based on symbolic logic.
• Diagrams are seen not as rigorous mathematical tools, but as informal aids to understanding.
• Aim:
  • Formalise a diagrammatic system for a particular problem domain (e.g. program verification using separation logic).
  • Implement an automated theorem prover making use of this formalism.

2. Separation Logic

• Logic for verifying low-level imperative programs.
• Proofs consist of lists of Hoare triples (annotated program statements: see box 3).
• Diagrams are used informally. Boxes represent memory cells; they may contain values and have pointers to other boxes. Program variables are drawn pointing to the corresponding memory cell.
• Operations can re-draw pointers, overwrite values in boxes, etc. The figure on the right shows a make pointers explicit operation.

[Figure: a diagram with program variables x and y, list segments α and β, and nil, before and after the make pointers explicit operation redraws the segment α as an explicit cell α'.]

3. Diagrammatic vs Separation Logic Proof

Program (list reversal): y := nil; while x != nil do (k := [x+1]; [x+1] := y; y := x; x := k)

Diagrammatic:
[Figure: diagrams of a list 1 → 2 → 3 → 4 with variables x, y, k and nil, traced through one loop iteration: 1. Initial state; k := [x+1]; 2.; [x+1] := y; 3.; y := x; 4.; x := k; 5. Final state.]

Symbolic:
  {list α0 i}
  {list α0 i ∗ (emp ∧ nil = nil)}
  j := nil;
  {list α0 i ∗ (emp ∧ j = nil)}
  {list α0 i ∗ list ε j}
  {∃α,β. (list α i ∗ list β j) ∧ α0† = α†·β}
  while i ≠ nil do
    {∃a,α,β. (list (a·α) i ∗ list β j) ∧ α0† = (a·α)†·β}
    {∃a,α,β,k. (i ↦ a,k ∗ list α k ∗ list β j) ∧ α0† = (a·α)†·β}
    k := [i+1];
    {∃a,α,β. (i ↦ a,k ∗ list α k ∗ list β j) ∧ α0† = (a·α)†·β}
    [i+1] := j;
    {∃a,α,β. (i ↦ a,j ∗ list α k ∗ list β j) ∧ α0† = (a·α)†·β}
    {∃a,α,β. (list α k ∗ list (a·β) i) ∧ α0† = α†·a·β}
    j := i; i := k;
    {∃α,β. (list α i ∗ list β j) ∧ α0† = α†·β}
  {∃α,β. list β j ∧ α0† = α†·β ∧ α = ε}
  {list α0† j}

• By tracing execution of the program for a couple of iterations of the while loop, a human can see that the program reverses a linked list.
• Aim to make a formal system of syntax, semantics, operations and inference rules modelling this kind of reasoning.
• Aim to generalise specific proofs like the one above (which is about lists of length 4 only) using schematic proofs.

4. Syntax and Semantics

• Can be formally defined for diagrams, just as for symbolic sentences.
• Syntax specifies the shapes that can appear in diagrams and the spatial relations which are allowed.
• Semantics given by an interpretive function mapping diagrams to sets of program states.
• Operations: draw or erase operations for pointers, program variables and values.

5. Schematic Proofs

• Formalised notion of a general proof derived from specific instances.
• A schematic proof is a program for generating a specific proof for any given problem instance.
• Relevance: diagrams are a way of using the concrete to reason about the general.
• A schematic proof of the theorem in box 3:
  sch-pf(d1, d2): (recursive function on pairs of diagrams. d1 shows a right-to-left list; on its right is d2, showing a left-to-right list. See slide 3)
  1: move var(k, head(tail(d2)))
  2: erase val(head(d2))
  3: draw pointer(head(d2), last element(d1))
  4: move var(y, head(d2))
  5: move var(x, head(tail(d2)))
  6: sch-pf([d1, head(d2)], tail(d2)).

6. Reasoning About Static Program States

• Initially we are investigating how to reason about static program states. This kind of reasoning is necessary at intermediate stages of making proofs about programs.
• Example below: the left-hand diagram entails a nil-terminated list beginning at x. The diagrammatic proof proceeds by application of a single operation, make pointers explicit, 2 times. The symbolic proof is shown on the right.
• The simplicity comes from the similar structure of the problem domain and the diagrammatic system.

Diagrammatic:
[Figure: the diagram of ls(x, t) ∗ t ↦ [n:y] ∗ ls(y, nil), with make pointers explicit applied twice to reach a nil-terminated list from x.]

Symbolic (proof tree, root entailment at the bottom):
  t ≠ nil | ls(y, nil) ⊢ ls(y, nil)
  t ≠ nil | t ↦ [n:y] ∗ ls(y, nil) ⊢ t ↦ [n:y] ∗ ls(y, nil)
  t ≠ nil | t ↦ [n:y] ∗ ls(y, nil) ⊢ ls(t, nil)
  t ≠ nil | ls(x, t) ∗ t ↦ [n:y] ∗ ls(y, nil) ⊢ ls(x, nil)
  ls(x, t) ∗ t ↦ [n:y] ∗ ls(y, nil) ⊢ ls(x, nil)

7. Conclusions and Future Work

• Diagrammatic logic can be formalised, and automated reasoning performed, just as for traditional symbolic logic.
• Diagrammatic proofs in separation logic appear to be more human-readable and “natural” than the corresponding separation logic proofs.
• Diagrammatic reasoning systems are highly tailored to specific problem domains. Future work will look at further case studies and investigate general principles of diagrammatic reasoning.
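The following is an added example, not code from the poster or its authors: it models the symbolic proof of box 3 on concrete heaps, in the spirit of box 5's "using the concrete to reason about the general". The heap is a dict from address to (value, next), `list α i` holds of exactly the cells reachable from i, the separating conjunction is modelled as a disjoint split of the heap, and the loop invariant α0† = α†·β is checked before every loop test of the reversal program. Address 0 standing for nil, and cells at consecutive addresses, are assumptions of this example.

```python
NIL = 0  # assumption: 0 plays the role of nil; cells live at addresses >= 1

def list_segment(heap, i):
    """Return (α, cells) such that `list α i` holds of exactly those cells."""
    alpha, cells = [], set()
    while i != NIL:
        if i not in heap or i in cells:
            raise ValueError("dangling or cyclic list at %r" % i)
        val, i_next = heap[i]
        alpha.append(val)
        cells.add(i)
        i = i_next
    return alpha, cells

def invariant_holds(heap, i, j, alpha0):
    """(list α i ∗ list β j) ∧ α0† = α†·β.  The ∗ requires the two lists to
    own disjoint cells that together make up the whole heap."""
    alpha, ca = list_segment(heap, i)
    beta, cb = list_segment(heap, j)
    separated = ca.isdisjoint(cb) and (ca | cb) == set(heap)
    return separated and list(reversed(alpha0)) == list(reversed(alpha)) + beta

def reverse_list(heap, i):
    """Run j := nil; while i != nil do (k := [i+1]; [i+1] := j; j := i; i := k)
    in place, recording the invariant check before each loop test.
    Returns (j, trace) where trace[n] is the check before the n-th test."""
    alpha0, _ = list_segment(heap, i)
    j, trace = NIL, []
    while True:
        trace.append(invariant_holds(heap, i, j, alpha0))
        if i == NIL:
            break
        val, k = heap[i]       # k := [i+1]
        heap[i] = (val, j)     # [i+1] := j
        j, i = i, k            # j := i; i := k
    return j, trace

def make_list(values):
    """Constructed sample heap: values stored at consecutive addresses 1..n."""
    heap = {}
    for n, v in enumerate(values, start=1):
        heap[n] = (v, n + 1 if n < len(values) else NIL)
    return heap, (1 if values else NIL)

if __name__ == "__main__":
    heap, x = make_list([1, 2, 3, 4])   # the length-4 list of box 3
    y, trace = reverse_list(heap, x)
    print(list_segment(heap, y)[0], all(trace))   # [4, 3, 2, 1] True
```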
