Separation logic

Separation logic

Adding the heap

• memory writes , $[E_1]:=E_2$
• memory reads, $x:=[E]$
• memory allocation, $x:=cons(E_1,\cdots,E_n)$
• memory deallocation, $disopose\ E$
  $stack :var->value$
  $heap :loc->value$
  $loc \subseteq value$

Operational semantics

${E/s \to v \over x:=E/(s,h) \to skip/(s[x:=v],h)}$
${E/s \to v \over x:=[E]/(s,h) \to skip/(s[x:h(v)],h) }$
${E_1/s \to v_1 \ E_2/s \to v \over [E_1]:=E_2/(s,h)\to skip /(s,h[v1:=v2)])}$
${E_1/s \to v_1 \ \cdots E_n/s \to v_n \ \ \ \ v \cdots v+(n-1)\notin dom(h) \over x:cons(E_1,\cdots,E_n)/(s,h)\rightarrow skip/(s[x:v],h\oplus \ v:=v1,\cdots v+(n-1):=v_n}$
${E/s \to v \over dispose E/(s,h) \to skip /(s,h\backslash v)}$
$\bm {Remark}: h[v:v'] \ and \ h\backslash v are defined only if v \in dom(h)$

Frame

$\{P\}C\{Q\} \over \{R*P\}C\{Q*R\}$

statements of separation logic

$P,Q :: =T \ \ \ true \\ | \lnot P \ \ \ \ \ \\ | P \land Q\\ | P \lor Q \\ | S \ \ \ \ \ \ \ \ \\ \\ | P*Q\\ | E_1\mapsto E_2\\ | empty$
$(s,h) \vDash empty\ iff \ dom(h) = \varnothing$
$(s,h) \vDash E_1 \mapsto E_2 \ iff \ E_1/s \to v_1 \land E_2/s \to v_2 \land dom(h) = v_1 \land h(v_1)=v_2 \\ (s,h) \vDash P*Q \ iff \\ \exists h_1,h_2.dom(h_1) \cap dom(h_2) = \varnothing \land h_1 \oplus h_2 =h \land (s,h_1) \vDash P \land (s,h_2) \vDash Q$

Date types:list

• $list \ []\ x \equiv empty \land x = nil$
• $list \ v_1:: \alpha \ x \equiv \exists j.x \mapsto v_1(X+1 \mapsto j)*list \ \alpha \ j$

Data types :list segment

• $lseg \ []\ (x,y) \equiv empty \land x=y$
• $lseg \ v::\alpha(x,y) \equiv \exists j.x \mapsto v*(x+1\mapsto j)* lseg \ \alpha(j,y)$

Exercise: prove,by structural induction on $\alpha$,that:

$lseg \ \alpha \cdot \beta \iff \ \exists\ j.lseg \ \alpha(x,y)*lseg\ \beta(j,y)$

(Local)axioms

• write : $\{E \mapsto \_ \} [E] =E'\{E \mapsto E'\}$
• dispose: $\{E \mapsto \_\}dispose(E)\{empty\}$
• alloc: $\{empty\}x =cons(E_1,\ldots,E_n)\{x \mapsto E_1 *x+1 \mapsto E_2* \ldots x +\\(n-1) \mapsto e_n\}$

Exercises:prove that:

$\{lseg \ \alpha(i,j)*j \mapsto a,k\}k:cons(a,i);i:=k \{ lseg \ a \cdot \alpha(i,j)\} \\ \{lseg \ \alpha(i,j)*j \mapsto a,k\}l:=cons(b,k);[j+1]=l \{ lseg \ \alpha \cdot a \cdot b(i,k)\} \\ \{lseg \ a \cdot \alpha(i,k)\} j:=[i+1];dispose \ i ; dispose \ i+1; i:=j \ \{lseg \ \alpha(i,k)\}$
Remember:
$lseg \ [] \ (x,y) \equiv empty \land x=y$
$lseg \ v::\alpha(x,y) \equiv \exists j.x \mapsto v*(x+1 \mapsto j)* lseg \ \alpha(j,y)$
Notation : $j \mapsto a,k$ stands for $j \mapsto a*j+1 \mapsto k$