Key points are not available for this paper at this time.
The introduction of separation logic has led to the development of symbolic-execution techniques and tools that are (functionally) compositional with function specifications that can be used in broader calling contexts. Many of the compositional symbolic-execution tools developed in academia and industry have been grounded on a formal foundation, but either the function specifications are not validated concerning the underlying separation logic of the theory, or there is a large gulf between the theory and the tool implementation. We introduce a formal compositional symbolic-execution engine which creates and uses function specifications from an underlying separation logic and provides a sound theoretical foundation partially inspired by the Gillian symbolic-execution platform. This is achieved by providing an axiomatic interface which describes the properties of the consume and produce operations used in the engine to compositionally update the symbolic state, including, when calling function specifications -- a technique used by VeriFast, Viper, and Gillian but not previously characterised independently of the tool. Our result consume and produce operations inspired by the Gillian implementation that satisfy the properties described by our axiomatic interface. A surprising property of our engine semantics is its ability to underpin both correctness and incorrectness reasoning, with the primary distinction being the choice between satisfiability and validity. We use this property to extend the Gillian platform, which previously only supported correctness reasoning, with incorrectness reasoning and automatic true bug-finding using incorrectness bi-abduction. We evaluate our new Gillian platform through instantiation to C. This instantiation is the first tool grounded on a common formal compositional symbolic-execution engine to support both correctness and incorrectness reasoning.
Lööw et al. (Mon,) studied this question.