Separation logic

Separation logic

Adding the heap

• memory writes , $[E_1]:=E_2$
• memory reads, $x:=[E]$
• memory allocation,$x:=cons(E_1,\cdots ,E_n)$
• memory deallocation,$disoposeE$
  $stack:var->value$
  $heap:loc->value$
  $loc\subseteq value$

Operational semantics

$$\frac{E/s\to v}{x:=E/(s,h)\to skip/(s[x:=v],h)}$$
$$\frac{E/s\to v}{x:=[E]/(s,h)\to skip/(s[x:h(v)],h)}$$
$$\frac{E_1/s\to v_1{E}_2/s\to v}{[E_1]:=E_2/(s,h)\to skip/(s,h[v1:=v2)])}$$
$$\frac{E_1/s\to v_1\cdots E_n/s\to v_{n}v\cdots v+(n-1)\notin dom(h)}{x:cons(E_1,\cdots ,E_n)/(s,h)\to skip/(s[x:v],h\oplus v:=v1,\cdots v+(n-1):=v_n}$$
$$\frac{E/s\to v}{disposeE/(s,h)\to skip/(s,h\backslash v)}$$
$$\mathbf{R}\mathbf{e}\mathbf{m}\mathbf{a}\mathbf{r}\mathbf{k}:h[v:v^{\prime }]andh\backslash varedefinedonlyifv\in dom(h)$$

Frame

{ P } C { Q } { R ∗ P } C { Q ∗ R } \{P\}C\{Q\} \over \{R*P\}C\{Q*R\} {R∗P}C{Q∗R}{P}C{Q}​

statements of separation logic

$$\begin{gathered} P,Q::=Ttrue \\ |\neg P \\ |P\wedge Q \\ |P\vee Q \\ |S \\ |P\ast Q \\ |E_1\mapsto E_2 \\ |empty \end{gathered}$$
$$(s,h)\models emptyiffdom(h)=\varnothing$$
$$\begin{gathered} (s,h)\models E_1\mapsto E_{2}iff{E}_1/s\to v_1\wedge E_2/s\to v_2\wedge dom(h)=v_1\wedge h(v_1)=v_2 \\ (s,h)\models P\ast Qiff \\ \exists h_1,h_2.dom(h_1)\cap dom(h_2)=\varnothing \wedge h_1\oplus h_2=h\wedge (s,h_1)\models P\wedge (s,h_2)\models Q \end{gathered}$$

Date types:list

• $list[]x\equiv empty\wedge x=nil$
• $list{v}_1::\alpha x\equiv \exists j.x\mapsto v_1(X+1\mapsto j)\ast list\alpha j$

Data types :list segment

• $lseg[](x,y)\equiv empty\wedge x=y$
• $lsegv::\alpha (x,y)\equiv \exists j.x\mapsto v\ast (x+1\mapsto j)\ast lseg\alpha (j,y)$

Exercise: prove,by structural induction on $\alpha$,that:

$lseg\alpha \cdot \beta ⟺\exists j.lseg\alpha (x,y)\ast lseg\beta (j,y)$

(Local)axioms

• write : { E ↦ _ } [ E ] = E ′ { E ↦ E ′ } \{E \mapsto \_ \} [E] =E'\{E \mapsto E'\} {E↦_}[E]=E′{E↦E′}
• dispose: { E ↦ _ } d i s p o s e ( E ) { e m p t y } \{E \mapsto \_\}dispose(E)\{empty\} {E↦_}dispose(E){empty}
• alloc: { e m p t y } x = c o n s ( E 1 , … , E n ) { x ↦ E 1 ∗ x + 1 ↦ E 2 ∗ … x + ( n − 1 ) ↦ e n } \{empty\}x =cons(E_1,\ldots,E_n)\{x \mapsto E_1 *x+1 \mapsto E_2* \ldots x +\\(n-1) \mapsto e_n\} {empty}x=cons(E1​,…,En​){x↦E1​∗x+1↦E2​∗…x+(n−1)↦en​}

Exercises:prove that:

{ l s e g   α ( i , j ) ∗ j ↦ a , k } k : c o n s ( a , i ) ; i : = k { l s e g   a ⋅ α ( i , j ) } { l s e g   α ( i , j ) ∗ j ↦ a , k } l : = c o n s ( b , k ) ; [ j + 1 ] = l { l s e g   α ⋅ a ⋅ b ( i , k ) } { l s e g   a ⋅ α ( i , k ) } j : = [ i + 1 ] ; d i s p o s e   i ; d i s p o s e   i + 1 ; i : = j   { l s e g   α ( i , k ) } \{lseg \ \alpha(i,j)*j \mapsto a,k\}k:cons(a,i);i:=k \{ lseg \ a \cdot \alpha(i,j)\} \\ \{lseg \ \alpha(i,j)*j \mapsto a,k\}l:=cons(b,k);[j+1]=l \{ lseg \ \alpha \cdot a \cdot b(i,k)\} \\ \{lseg \ a \cdot \alpha(i,k)\} j:=[i+1];dispose \ i ; dispose \ i+1; i:=j \ \{lseg \ \alpha(i,k)\} {lseg α(i,j)∗j↦a,k}k:cons(a,i);i:=k{lseg a⋅α(i,j)}{lseg α(i,j)∗j↦a,k}l:=cons(b,k);[j+1]=l{lseg α⋅a⋅b(i,k)}{lseg a⋅α(i,k)}j:=[i+1];dispose i;dispose i+1;i:=j {lseg α(i,k)}
Remember:
$lseg[](x,y)\equiv empty\wedge x=y$
$lsegv::\alpha (x,y)\equiv \exists j.x\mapsto v\ast (x+1\mapsto j)\ast lseg\alpha (j,y)$
Notation : $j\mapsto a,k$ stands for $j\mapsto a\ast j+1\mapsto k$