research-article
Open access

On Extending Incorrectness Logic with Backwards Reasoning

Published: 09 January 2025

Abstract

This paper studies an extension of O'Hearn's incorrectness logic (IL) that allows backwards reasoning. IL in its current form does not generically permit backwards reasoning. We show that this can be mitigated by extending IL with underspecification. The resulting logic combines underspecification (the result, or postcondition, only needs to formulate constraints over the relevant variables) with underapproximation (it allows one to focus on fewer than all of the paths). We prove soundness of the proof system, as well as completeness for a defined subset of presumptions. We discuss proof strategies that allow one to derive a presumption from a given result. Notably, we show that the existing concept of loop summaries, closed-form symbolic representations that summarize the effects of executing an entire loop at once, is highly useful. The logic, the proof system and all theorems have been formalized in the Isabelle/HOL theorem prover.


Published In

Proceedings of the ACM on Programming Languages, Volume 9, Issue POPL
January 2025
2363 pages
EISSN: 2475-1421
DOI: 10.1145/3554321
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. backwards reasoning
  2. incorrectness logic
  3. program logic

Qualifiers

  • Research-article

Funding Sources

  • DARPA
  • National Research Foundation of Korea

Article Metrics

  • Total Citations: 0
  • Total Downloads: 74
  • Downloads (last 12 months): 74
  • Downloads (last 6 weeks): 74

Reflects downloads up to 27 Jan 2025
