Sound Automation of Magic Wands (extended version)

TL;DR

This paper introduces a formal, sound, and complete framework for automating the proof of magic wands in separation logic, reducing annotation overhead and enabling fractional wand composition.

Contribution

It presents a novel formal framework and package algorithm for magic wand proofs, along with a restricted wand definition allowing fractional composition, implemented in Viper.

Findings

The framework is sound and complete, verified in Isabelle/HOL.

The new package algorithm offers competitive automation with reduced overhead.

Fractional wand composition is soundly achievable under the new restricted definition.

Abstract

The magic wand $\mathbin{-\!\!*}$ (also called separating implication) is a separation logic connective commonly used to specify properties of partial data structures, for instance during iterative traversals. A footprint of a magic wand formula $A \mathbin{-\!\!*} B$ is a state that, combined with any state in which $A$ holds, yields a state in which $B$ holds. The key challenge of proving a magic wand (also called packaging a wand) is to find such a footprint. Existing package algorithms either have a high annotation overhead or, as we show in this paper, are unsound. We present a formal framework that precisely characterises a wide design space of possible package algorithms applicable to a large class of separation logics. We prove in Isabelle/HOL that our formal framework is sound and complete, and use it to develop a novel package algorithm that offers competitive automation and is sound. Moreover, we present a novel, restricted definition of wands and prove in Isabelle/HOL that it is possible to soundly combine fractions of such wands, which is not the case for arbitrary wands. We have implemented our techniques for the Viper language, and demonstrate that they are effective in practice.