Relative Completeness of Incorrectness Separation Logic
Yeonseok Lee, Koji Nakazawa
TL;DR
This paper proves the relative completeness of Incorrectness Separation Logic (ISL) by leveraging weakest postconditions and canonicalization, enhancing its theoretical foundation for bug detection in heap-manipulating programs.
Contribution
It establishes the relative completeness of ISL using weakest postconditions and introduces a canonicalization method with variable aliasing for its proof system.
Findings
Proves relative completeness of ISL.
Introduces a canonicalization method for weakest postconditions.
Enhances theoretical understanding of ISL's expressiveness.
Abstract
Incorrectness Separation Logic (ISL) is a proof system that is tailored specifically to resolve problems of under-approximation in programs that manipulate heaps, and it primarily focuses on bug detection. This approach is different from the over-approximation methods that are used in traditional logics such as Hoare Logic or Separation Logic. Although the soundness of ISL has been established, its completeness remains unproven. In this study, we establish relative completeness by leveraging the expressiveness of the weakest postconditions; expressiveness is a factor that is critical to demonstrating relative completeness in Reverse Hoare Logic. In our ISL framework, we allow for infinite disjunctions in disjunctive normal forms, where each clause comprises finite symbolic heaps with existential quantifiers. To compute the weakest postconditions in ISL, we introduce a canonicalization…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsLogic, programming, and type systems · Web Application Security Vulnerabilities · Software Testing and Debugging Techniques