Rely-Guarantee Semantics for Separation-Logic-Based Specification Extraction

While formal verification promises correctness guarantees about software, these guarantees themselves must be verified. This dissertation focuses on the soundness of the Heapster verification tool, which converts imperative programs into functional specifications. Heapster is able to do this by using a type system based on separation logic to guarantee memory safety, ensuring that pointer operations can be erased in the functional program. We prove the soundness of this type system using a novel concept called rely-guarantee permissions as the semantics of types. These rely-guarantee permissions are derived from rely-guarantee reasoning, a technique for reasoning about concurrent code. We show that this approach is expressive enough to represent types to typecheck imperative programs that use complex features like pointers, linked lists, and Rust lifetimes. Additionally, we show that the semantics are flexible enough to represent the extraction of equivalent functional programs—with these features erased—as part of the typechecking process. To increase confidence in the correctness of these results and thus in the correctness of Heapster, all our proofs are formalized in Coq.