research-article

High-level separation logic for low-level code

Authors:

Jonas B. Jensen,

Nick Benton, and

Andrew KennedyAuthors Info & Claims

POPL '13: Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

January 2013

Pages 301 - 314

https://doi.org/10.1145/2429069.2429105

Published: 23 January 2013 Publication History

Abstract

Separation logic is a powerful tool for reasoning about structured, imperative programs that manipulate pointers. However, its application to unstructured, lower-level languages such as assembly language or machine code remains challenging. In this paper we describe a separation logic tailored for this purpose that we have applied to x86 machine-code programs.

The logic is built from an assertion logic on machine states over which we construct a specification logic that encapsulates uses of frames and step indexing. The traditional notion of Hoare triple is not applicable directly to unstructured machine code, where code and data are mixed together and programs do not in general run to completion, so instead we adopt a continuation-passing style of specification with preconditions alone. Nevertheless, the range of primitives provided by the specification logic, which include a higher-order frame connective, a novel read-only frame connective, and a 'later' modality, support the definition of derived forms to support structured-programming-style reasoning for common cases, in which standard rules for Hoare triples are derived as lemmas. Furthermore, our encoding of scoped assembly-language labels lets us give definitions and proof rules for powerful assembly-language 'macros' such as while loops, conditionals and procedures.

We have applied the framework to a model of sequential x86 machine code built entirely within the Coq proof assistant, including tactic support based on computational reflection.

Supplementary Material

MP4 File (r2d2_talk3.mp4)

Download
203.84 MB

References

[1]

R. Affeldt, D. Nowak, and K. Yamada. Certifying assembly with formal security proofs: the case of BBS. Sci. Comput. Prog., 77(10--11), 2012.

Digital Library

[2]

A. W. Appel and D. McAllester. An indexed model of recursive types for foundational proof-carrying code. ACM Trans. Program. Lang. Syst., 2001.

Digital Library

[3]

A. W. Appel, P.-A. Melliès, C. D. Richards, and J. Vouillon. A very modal model of a modern, major, general type system. In Proceedings of POPL, 2007.

Digital Library

[4]

J. Bengtson, J. B. Jensen, and L. Birkedal. Charge! -- a framework for higher-order separation logic in Coq. In Proc. of ITP, 2012.

[5]

N. Benton. A typed, compositional logic for a stack-based abstract machine. In APLAS, volume 3780 of LNCS, 2005.

Digital Library

[6]

N. Benton. Abstracting allocation: The new new thing. In Computer Science Logic (CSL 2006), volume 4207 of LNCS, 2006.

Digital Library

[7]

N. Benton and N. Tabareau. Compiling functional types to relational specifications for low level imperative code. In TLDI, 2009.

Digital Library

[8]

L. Birkedal, N. Torp-Smith, and H. Yang. Semantics of separation-logic typing and higher-order frame rules. In Proc. of LICS, 2005.

Digital Library

[9]

L. Birkedal, N. Torp-Smith, and H. Yang. Semantics of separation-logic typing and higher-order frame rules for Algol-like languages. Logical Methods in Computer Science, 2006.

[10]

L. Birkedal and H. Yang. Relational parametricity and separation logic. Logical Methods in Computer Science, 2008.

[11]

F. Blanqui, C. Helmstetter, V. Joloboff, J.-F. Monin, and X. Shi. Designing a CPU model: from a pseudo-formal document to fast code. In 3rd Workshop on Rapid Simulation and Performance Evaluation: Methods and Tools (RAPIDO 2011), 2011.

[12]

R. Bornat, C. Calcagno, P. W. O'Hearn, and M. J. Parkinson. Permission accounting in separation logic. In Proceedings of POPL, 2005.

Digital Library

[13]

R. M. Burstall. Some techniques for proving correctness of programs which alter data structures. Machine Intelligence, 7, 1972.

[14]

H. Cai, Z. Shao, and A. Vaynberg. Certified self-modifying code. In Proc. of PLDI, 2007.

Digital Library

[15]

C. Calcagno, P. W. O'Hearn, and H. Yang. Local action and abstract separation logic. In Proc. of LICS, 2007.

Digital Library

[16]

A. Chlipala. Mostly-automated verification of low-level programs in computational separation logic. In Proc. of PLDI, 2011.

Digital Library

[17]

A. Chlipala. Certified Programming with Dependent Types. MIT Press, to appear.

[18]

R. W. Floyd. Assigning meanings to programs. In J. T. Schwartz, editor, Mathematical Aspects of Computer Science, volume 19 of Proc. of Symposia in Applied Mathematics, Providence, Rhode Island, 1967. AMS.

[19]

A. C. J. Fox and M. O. Myreen. A trustworthy monadic formalization of the ARMv7 instruction set architecture. In 1st International Conference on Interactive Theorem Proving (ITP 2010), volume 6172 of LNCS, 2010.

Digital Library

[20]

G. Gonthier, A. Mahboubi, and E. Tassi. A small scale reflection extension for the Coq system. Technical Report 6455, INRIA, 2011.

[21]

C. Hawblitzel and E. Petrank. Automated verification of practical garbage collectors. In POPL, 2009.

Digital Library

[22]

J. B. Jensen and L. Birkedal. Fictional separation logic. In Proc. of ESOP, volume 7211 of LNCS. Springer, 2012.

Digital Library

[23]

N. R. Krishnaswami. Verifying Higher-Order Imperative Programs with Higher-Order Separation Logic. PhD thesis, Carnegie Mellon University, 2012.

[24]

J. McCarthy and J. Painter. Correctness of a compiler for arithmetic expressions. In Mathematical Aspects of Computer Science, volume 19 of Proc. of Symposia in Applied Mathematics. AMS, 1967.

[25]

J. Strother Moore. A mechanically verified language implementation. Journal of Automated Reasoning, 5, 1989.

Digital Library

[26]

G. Morrisett, G. Tan, J. Tassarotti, J.B. Tristan, and E. Gan. Rocksalt: Better, faster, stronger SFI for the x86. In 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2012). ACM, 2012.

Digital Library

[27]

G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21(3), 1999.

Digital Library

[28]

M. O. Myreen. Verified just-in-time compiler on x86. In Proc. of POPL, 2010.

Digital Library

[29]

M. O. Myreen and M. J. C. Gordon. Hoare logic for realistically modelled machine code. In Proc. of TACAS, 2007.

Digital Library

[30]

H. Nakano. A modality for recursion. In Proc. of LICS, 2000.

Digital Library

[31]

Z. Ni and Z. Shao. Certified assembly programming with embedded code pointers. In Proc. of POPL, 2006.

Digital Library

[32]

P. W. O'Hearn, H. Yang, and J. C. Reynolds. Separation and information hiding. In Proc. of POPL, 2004.

Digital Library

[33]

F. Pottier. Hiding local state in direct style: a higher-order anti-frame rule. In Proc. of LICS, 2008.

Digital Library

[34]

J. C. Reynolds. An introduction to specification logic. In Logics of Programs, 1983.

Digital Library

[35]

J. C. Reynolds. Separation logic: A logic for shared mutable data structures. In Proc. of LICS, 2002.

Digital Library

[36]

A. Saabas and T. Uustalu. A compositional natural semantics and Hoare logic for low-level languages. Theor. Comput. Sci., 373(3), 2007.

Digital Library

[37]

M. Sozeau and N. Oury. First-class type classes. In Proc. of TPHOLs, 2008.

Digital Library

[38]

G. Tan and A. W. Appel. A compositional logic for control flow. In 7th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2006), 2006.

Digital Library

[39]

A. M. Turing. Checking a large routine. In Report of a Conference on High Speed Automatic Calculating Machines, 1949.

[40]

X. Jiang W. Wang, Z. Shao and Y. Guo. A simple model for certifying assembly programs with first-class function pointers. In Proc. of TASE, 2011.

Digital Library

[41]

W. D. Young. A mechanically verified code generator. Journal of Automated Reasoning, 5, 1989.

Digital Library

Cited By

Khakpour NHong JPark J(2024)Verification of Concurrent Machine Code Running on a Single-Core MachineProceedings of the 39th ACM/SIGAPP Symposium on Applied Computing10.1145/3605098.3635924(1675-1683)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1145/3605098.3635924
Patterson DWagner AAhmed ACong YDagand P(2023)Semantic Encapsulation using Linking TypesProceedings of the 8th ACM SIGPLAN International Workshop on Type-Driven Development10.1145/3609027.3609405(14-28)Online publication date: 30-Aug-2023
https://dl.acm.org/doi/10.1145/3609027.3609405
Liu ZStepanenko SPichon-Pharabod JTimany AAskarov ABirkedal L(2023)VMSL: A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-AProceedings of the ACM on Programming Languages10.1145/35912797:PLDI(1438-1462)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591279
Show More Cited By

Index Terms

High-level separation logic for low-level code
1. Software and its engineering
2. Theory of computation
  1. Logic
    1. Proof theory
  2. Semantics and reasoning
    1. Program reasoning

Recommendations

High-level separation logic for low-level code
POPL '13

Separation logic is a powerful tool for reasoning about structured, imperative programs that manipulate pointers. However, its application to unstructured, lower-level languages such as assembly language or machine code remains challenging. In this ...
Read More
Interactive proofs in higher-order concurrent separation logic
POPL '17

When using a proof assistant to reason in an embedded logic -- like separation logic -- one cannot benefit from the proof contexts and basic tactics of the proof assistant. This results in proofs that are at a too low level of abstraction because they ...
Read More
Interactive proofs in higher-order concurrent separation logic
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages

When using a proof assistant to reason in an embedded logic -- like separation logic -- one cannot benefit from the proof contexts and basic tactics of the proof assistant. This results in proofs that are at a too low level of abstraction because they ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

POPL '13: Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

January 2013

586 pages

ISBN:9781450318327

DOI:10.1145/2429069

General Chair:
Roberto Giacobazzi
Università di Verona, Italy
,
Program Chair:
Radhia Cousot
École normale supérieure CNRS & INRIA, France

ACM SIGPLAN Notices Volume 48, Issue 1
POPL '13
January 2013
561 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2480359
Issue’s Table of Contents

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

In-Cooperation

SIGACT: ACM Special Interest Group on Algorithms and Computation Theory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 January 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

POPL '13

Sponsor:

SIGPLAN

POPL '13: The 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

January 23 - 25, 2013

Rome, Italy

Acceptance Rates

Overall Acceptance Rate 824 of 4,130 submissions, 20%

Upcoming Conference

POPL '25

Sponsor:
sigplan

The 52nd Annual ACM SIGPLAN Symposium on Principles of Programming Languages

January 19 - 25, 2025

Denver , CO , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

48
Total Citations
View Citations
579
Total Downloads

Downloads (Last 12 months)22
Downloads (Last 6 weeks)0

Other Metrics

View Author Metrics

Citations

Cited By

Khakpour NHong JPark J(2024)Verification of Concurrent Machine Code Running on a Single-Core MachineProceedings of the 39th ACM/SIGAPP Symposium on Applied Computing10.1145/3605098.3635924(1675-1683)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1145/3605098.3635924
Patterson DWagner AAhmed ACong YDagand P(2023)Semantic Encapsulation using Linking TypesProceedings of the 8th ACM SIGPLAN International Workshop on Type-Driven Development10.1145/3609027.3609405(14-28)Online publication date: 30-Aug-2023
https://dl.acm.org/doi/10.1145/3609027.3609405
Liu ZStepanenko SPichon-Pharabod JTimany AAskarov ABirkedal L(2023)VMSL: A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-AProceedings of the ACM on Programming Languages10.1145/35912797:PLDI(1438-1462)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591279
Patterson DMushtak NWagner AAhmed AJhala RDillig I(2022)Semantic soundness for language interoperabilityProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523703(609-624)Online publication date: 9-Jun-2022
https://dl.acm.org/doi/10.1145/3519939.3523703
Sammler MHammond ALepigre RCampbell BPichon-Pharabod JDreyer DGarg DSewell PJhala RDillig I(2022)Islaris: verification of machine code against authoritative ISA semanticsProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523434(825-840)Online publication date: 9-Jun-2022
https://dl.acm.org/doi/10.1145/3519939.3523434
Lepigre RSammler MMemarian KKrebbers RDreyer DSewell P(2022)VIP: verifying real-world C idioms with integer-pointer castsProceedings of the ACM on Programming Languages10.1145/34986816:POPL(1-32)Online publication date: 12-Jan-2022
https://dl.acm.org/doi/10.1145/3498681
Georges AGuéneau AVan Strydonck TTimany ATrieu AHuyghebaert SDevriese DBirkedal L(2021)Efficient and provable local capability revocation using uninitialized capabilitiesProceedings of the ACM on Programming Languages10.1145/34342875:POPL(1-30)Online publication date: 4-Jan-2021
https://dl.acm.org/doi/10.1145/3434287
雷斯(2020)Tactics for Proving Separation Logic Assertions in CoqSoftware Engineering and Applications10.12677/SEA.2020.9100309:01(14-21)Online publication date: 2020
https://doi.org/10.12677/SEA.2020.91003
Lim JNagarakatte SKandemir MJimborean AMoseley T(2019)Automatic equivalence checking for assembly implementations of cryptography librariesProceedings of the 2019 IEEE/ACM International Symposium on Code Generation and Optimization10.5555/3314872.3314880(37-49)Online publication date: 16-Feb-2019
https://dl.acm.org/doi/10.5555/3314872.3314880
Armstrong ABauereiss TCampbell BReid AGray KNorton RMundkur PWassell MFrench JPulte CFlur SStark IKrishnaswami NSewell P(2019)ISA semantics for ARMv8-a, RISC-v, and CHERI-MIPSProceedings of the ACM on Programming Languages10.1145/32903843:POPL(1-31)Online publication date: 2-Jan-2019
https://dl.acm.org/doi/10.1145/3290384
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents