Existing program logics struggle to support modular reasoning about hyperproperties involving heap manipulations and arbitrary quantifier alternations, such as generalized noninterference. This work proposes Hyper Separation Logic (HSL), which extends separation logic to sets of program states by introducing a hyper-separating conjunction and integrates a generalized frame rule. For the first time, HSL enables modular verification of heap-manipulating programs against hyperproperties with arbitrary quantifier alternations. Formally developed in Isabelle/HOL, HSL overcomes the expressiveness limitations of both traditional separation logic and Hyper Hoare Logic, successfully verifying several hyperproperties previously beyond reach. The results demonstrate HSL’s theoretical completeness and enhanced expressive power.

Many important functional and security properties--including non-interference, determinism, and generalized non-interference (GNI)--are hyperproperties, i.e., properties relating multiple executions of a program. Existing separation logics allow one to reason about specific classes of hyperproperties, e.g., $\forall\forall$-hyperproperties such as non-interference and $\exists\exists$-properties such as non-determinism. However, they do not support quantifier alternation, which is for instance needed to express GNI. The only existing logic that can reason about such properties is Hyper Hoare Logic, but it does not support heap-manipulating programs and, thus, is not applicable to common imperative programs. This paper introduces Hyper Separation Logic (HSL), the first program logic that supports modular reasoning about hyperproperties with arbitrary quantifier alternation over programs that manipulate the heap. HSL generalizes Hyper Hoare Logic with a novel hyper separating conjunction that lifts the standard separating conjunction to sets of states, enabling a generalized frame rule for hyperproperties. We prove HSL sound in Isabelle/HOL and demonstrate its expressiveness for hyperproperties that lie beyond the reach of existing separation logics.