Verifying the Composite Pattern using Separation Logic Bart Jacobs Jan Smans Frank Piessens...
-
Upload
sandra-carte -
Category
Documents
-
view
219 -
download
0
Transcript of Verifying the Composite Pattern using Separation Logic Bart Jacobs Jan Smans Frank Piessens...
Verifying the Composite Pattern using Separation Logic
Bart JacobsJan SmansFrank PiessensKatholieke Universiteit Leuven, Belgium
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Overview
General Idea Example: Binary Tree
Interface Client Specification Client Proof Implementation and Implementation Proof Non-contiguous Focus Changes
Demonstration Conclusion
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
General Idea
Module Client
Invariant
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeInterface
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeClient
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpecification
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpecification: Datatype tree
n0
n1
n2 n3
tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpec’n: Pure function count
count(tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)) = 4
n0
n1
n2 n3
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpec’n: Datatype context
root
n0
left_context(root, n0, nil)
n0
n1
n2
right_context(left_context(root, n0, nil), n1, tree(n2, nil, nil))
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpec’n: Predicate tree
n0
n1
n2 n3
memory region
tree(n0, root, tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil))
focus node
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpec’n: Predicate tree
n0
n1
n2 n3
memory region
tree(n1, left_context(root, n0, nil), tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)))
focus node
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpec’n: Predicate tree
n0
n1
n2 n3
memory region
tree(n3, right_context( left_context(root, n0, nil), n1, tree(n2, nil, nil)), tree(n3, nil, nil))
focus node
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpec’n: Function create_tree
result
focus node
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
c
Example: Binary TreeSpec’n: Function tree_add_left
node
r focus node
cnode
r
result
focus node
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
c
Example: Binary TreeSpec’n: Function tree_get_count
node
t
focus node
cnode
t
focus node
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpec’n: Function tree_get_parent
node
tfocus node
pns
r
pnode
t
pns
r
p
focus node(case left_context)
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeSpec’n: Function tree_dispose
node
focus node
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeClient Proof
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImplementation: struct node
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImplementation: predicate tree
cnode
subtree
focus node cnode
node
subtree
context(node, parent, count(subtree), c)
subtree(node, parent, subtree)
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImplementation: predicate subtree
left
left-Nodes
right-Nodes
node
right
node->left |-> left
node->right |-> right
node->parent |-> parent
node->count |-> count(t)
malloc_block_node(node)
left
left-Nodes
right
right-Nodes
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImplementation: predicate context
n
pns
r
pright
p->left |-> n
p->right |-> right
p->parent |-> gp
p->count |-> pcount
malloc_block_node(p)
right
r
pnsp
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImplementation: function create_tree
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImpl’n: function subtree_get_count
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImpl’n: function fixup_ancestors
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImpl’n: function tree_add_left
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImpl’n: function tree_get_count
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Example: Binary TreeImpl’n: function tree_get_parent
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Overview
General Idea Example: Binary Tree
Interface Client Specification Client Proof Implementation and Implementation Proof Non-contiguous Focus Changes
Demonstration Conclusion
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Non-contiguous Focus ChangesExample Client Program
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Non-contiguous Focus ChangesAdditional Specification Elements
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Non-contiguous Focus ChangesProof of Example Client Program
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Non-contiguous Focus ChangesProof of lemma change_focus
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Overview
General Idea Example: Binary Tree
Interface Client Specification Client Proof Implementation and Implementation Proof Non-contiguous Focus Changes
Demonstration Conclusion
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Overview
General Idea Example: Binary Tree
Interface Client Specification Client Proof Implementation and Implementation Proof Non-contiguous Focus Changes
Demonstration Conclusion
Bart Jacobs, Jan Smans, Frank Piessens - Verifying the Composite Pattern using Separation Logic
Conclusion
Approach: Structure = 1 seplogic predicate In proof: Separate out focus node In client: Change focus node using
lemma VeriFast:
www.cs.kuleuven.be/~bartj/verifast