full functional verification of linked data structures
play

Full Functional Verification of Linked Data Structures Karen Zee , - PowerPoint PPT Presentation

Aug 04, 2023 •276 likes •968 views

Full Functional Verification of Linked Data Structures Karen Zee , Viktor Kuncak , and Martin Rinard MIT CSAIL EPFL, I&C Goal Verify full functional correctness of linked data structure implementations What is Full

  1. Full Functional Verification of Linked Data Structures Karen Zee † , Viktor Kuncak ‡ , and Martin Rinard † † MIT CSAIL ‡ EPFL, I&C

  2. Goal Verify full functional correctness of linked data structure implementations

  3. What is Full Functional Correctness? • Complete, precise formal specification • Captures every property client needs (except resource consumption) • Implementation satisfies specification

  4. Benefits of Full Functional Correctness • Complete, precise, unambiguous interfaces for linked data structures • Enables sound reasoning with specification (can discard implementation when reasoning)  Human developers  Automated analyses of client code • First complete realization of concept of abstract data types

  5. Example

  6. Hashtable Specification class Hashtable { //: public ghost specvar content :: “(obj * obj) set” = “{}”; //: public ghost specvar init :: “bool” = “false”; public Object put(Object key, Object value) /*: requires “init ∧ key ≠ null ∧ value ≠ null” modifies content ensures “content = old content - {(key, result)} ∪ {(key, value)} ^ (result = null → ¬ ( ∃ v. (key, v) ∈ old content)) ∧ (result ≠ null → (key, result) ∈ old content)” */ { … } … • Specifications at class granularity } • Specifications appear as comments • Can use standard Java compilers

  7. Abstract State as Sets, Relations class Hashtable { //: public ghost specvar content :: “(obj * obj) set” = “{}”; //: public ghost specvar init :: “bool” = “false”; public Object put(Object key, Object value) /*: requires “init ∧ key ≠ null ∧ value ≠ null” modifies content ensures “content = old content - {(key, result)} ∪ {(key, value)} ^ (result = null → ¬ ( ∃ v. (key, v) ∈ old content)) ∧ (result ≠ null → (key, result) ∈ old content)” */ { … } • Represent abstract state using … } specification variables • Contents of hash table as set of key-value pairs

  8. Method Preconditions, Postconditions class Hashtable { //: public ghost specvar content :: “(obj * obj) set” = “{}”; //: public ghost specvar init :: “bool” = “false”; public Object put(Object key, Object value) /*: requires “init ∧ key ≠ null ∧ value ≠ null” modifies content ensures “content = old content - {(key, result)} ∪ {(key, value)} ^ (result = null → ¬ ( ∃ v. (key, v) ∈ old content)) ∧ (result ≠ null → (key, result) ∈ old content)” */ { … } • Standard assume-guarantee reasoning … } for method interfaces • Pre-, post-conditions in higher-order logic (HOL)

  9. Requires Clause class Hashtable { //: public ghost specvar content :: “(obj * obj) set” = “{}”; //: public ghost specvar init :: “bool” = “false”; public Object put(Object key, Object value) /*: requires “init ∧ key ≠ null ∧ value ≠ null” modifies content ensures “content = old content - {(key, result)} ∪ {(key, value)} ^ (result = null → ¬ ( ∃ v. (key, v) ∈ old content)) ∧ (result ≠ null → (key, result) ∈ old content)” */ { … } … Pre-condition requires that key } and value be non-null

  10. Modifies Clause class Hashtable { //: public ghost specvar content :: “(obj * obj) set” = “{}”; //: public ghost specvar init :: “bool” = “false”; public Object put(Object key, Object value) /*: requires “init ∧ key ≠ null ∧ value ≠ null” modifies content ensures “content = old content - {(key, result)} ∪ {(key, value)} ^ (result = null → ¬ ( ∃ v. (key, v) ∈ old content)) ∧ (result ≠ null → (key, result) ∈ old content)” */ { … } … • Modifies clause gives frame condition } • put method modifies only content

  11. Ensures Clause class Hashtable { //: public ghost specvar content :: “(obj * obj) set” = “{}”; //: public ghost specvar init :: “bool” = “false”; public Object put(Object key, Object value) /*: requires “init ∧ key ≠ null ∧ value ≠ null” modifies content ensures “content = old content - {(key, result)} ∪ {(key, value)} ^ (result = null → ¬ ( ∃ v. (key, v) ∈ old content)) ∧ (result ≠ null → (key, result) ∈ old content)” */ { … } … • Previous key-value binding is removed } • New binding is added

  12. Ensures Clause class Hashtable { //: public ghost specvar content :: “(obj * obj) set” = “{}”; //: public ghost specvar init :: “bool” = “false”; public Object put(Object key, Object value) /*: requires “init ∧ key ≠ null ∧ value ≠ null” modifies content ensures “content = old content - {(key, result)} ∪ {(key, value)} ^ (result = null → ¬ ( ∃ v. (key, v) ∈ old content)) ∧ (result ≠ null → (key, result) ∈ old content)” */ { … } … } Returns previously-bound value or null

  13. Hashtable Data Structure k 0 v 0 k 1 v 1 k 2 v 2 k 3 v 3 k 4 v 4 k 5 v 5

  14. Hashtable Data Structure k 0 v 0 k 1 v 1 k 2 v 2 k 3 v 3 Abstraction {< , >, …, < , >} k 0 v 0 k n v n k 4 v 4 k 5 v 5

  15. Abstraction Function /*: invariant ContentDef: “init → content = {(k,v). ( ∃ i. 0 ≤ i ∧ i < table.length ∧ (k,v) ∈ table[i].bucketContent)}” static ghost specvar bucketContent :: “obj ⇒ (obj * obj) set” = “ λ n. {}” invariant bucketContentNull: “null.bucketContent = {}” invariant bucketContentDef: “ ∀ x. x ∈ Node ∧ x ∈ alloc ∧ x ≠ null → x.bucketContent = {<x.key, x.value>} ∪ x.next.bucketContent ∧ ( ∀ v. (x.key, v) ∉ x.next.bucketContent)” invariant Coherence: “init → ( ∀ i k v. (k,v) ∈ table[i].bucketContent → i = hash k table.length)” static specvar hash :: “obj ⇒ int ⇒ int” vardefs “hash == λ k. ( λ n. (abs (hashFunc k)) mod n)” • Invariants static specvar abs :: “int ⇒ int” vardefs “abs == λ m. (if (m < 0) then -m else m)” • Dependent specification … variables */

  16. Abstraction Function /*: invariant ContentDef: “init → content = {(k,v). ( ∃ i. 0 ≤ i ∧ i < table.length ∧ (k,v) ∈ table[i].bucketContent)}” static ghost specvar bucketContent :: “obj ⇒ (obj * obj) set” = “ λ n. {}” invariant bucketContentNull: “null.bucketContent = {}” invariant bucketContentDef: “ ∀ x. x ∈ Node ∧ x ∈ alloc ∧ x ≠ null → x.bucketContent = {<x.key, x.value>} ∪ x.next.bucketContent ∧ ( ∀ v. (x.key, v) ∉ x.next.bucketContent)” invariant Coherence: “init → ( ∀ i k v. (k,v) ∈ table[i].bucketContent → i = hash k table.length)” static specvar hash :: “obj ⇒ int ⇒ int” vardefs “hash == λ k. ( λ n. (abs (hashFunc k)) mod n)” Hash table contents static specvar abs :: “int ⇒ int” consists of the contents vardefs “abs == λ m. (if (m < 0) then -m else m)” of all the buckets … */

  17. Abstraction Function /*: invariant ContentDef: “init → content = {(k,v). ( ∃ i. 0 ≤ i ∧ i < table.length ∧ (k,v) ∈ table[i].bucketContent)}” static ghost specvar bucketContent :: “obj ⇒ (obj * obj) set” = “ λ n. {}” invariant bucketContentNull: “null.bucketContent = {}” invariant bucketContentDef: “ ∀ x. x ∈ Node ∧ x ∈ alloc ∧ x ≠ null → x.bucketContent = {<x.key, x.value>} ∪ x.next.bucketContent ∧ ( ∀ v. (x.key, v) ∉ x.next.bucketContent)” invariant Coherence: “init → ( ∀ i k v. (k,v) ∈ table[i].bucketContent → i = hash k table.length)” static specvar hash :: “obj ⇒ int ⇒ int” vardefs “hash == λ k. ( λ n. (abs (hashFunc k)) mod n)” • Contents of each bucket static specvar abs :: “int ⇒ int” vardefs “abs == λ m. (if (m < 0) then -m else m)” defined recursively over … linked list */ • Keys are unique

  18. Abstraction Function /*: invariant ContentDef: “init → content = {(k,v). ( ∃ i. 0 ≤ i ∧ i < table.length ∧ (k,v) ∈ table[i].bucketContent)}” static ghost specvar bucketContent :: “obj ⇒ (obj * obj) set” = “ λ n. {}” invariant bucketContentNull: “null.bucketContent = {}” invariant bucketContentDef: “ ∀ x. x ∈ Node ∧ x ∈ alloc ∧ x ≠ null → x.bucketContent = {<x.key, x.value>} ∪ x.next.bucketContent ∧ ( ∀ v. (x.key, v) ∉ x.next.bucketContent)” invariant Coherence: “init → ( ∀ i k v. (k,v) ∈ table[i].bucketContent → i = hash k table.length)” static specvar hash :: “obj ⇒ int ⇒ int” vardefs “hash == λ k. ( λ n. (abs (hashFunc k)) mod n)” static specvar abs :: “int ⇒ int” Every key is in the vardefs “abs == λ m. (if (m < 0) then -m else m)” correct bucket … */

  19. Abstraction Function /*: invariant ContentDef: “init → content = {(k,v). ( ∃ i. 0 ≤ i ∧ i < table.length ∧ (k,v) ∈ table[i].bucketContent)}” static ghost specvar bucketContent :: “obj ⇒ (obj * obj) set” = “ λ n. {}” invariant bucketContentNull: “null.bucketContent = {}” invariant bucketContentDef: “ ∀ x. x ∈ Node ∧ x ∈ alloc ∧ x ≠ null → x.bucketContent = {<x.key, x.value>} ∪ x.next.bucketContent ∧ ( ∀ v. (x.key, v) ∉ x.next.bucketContent)” invariant Coherence: “init → ( ∀ i k v. (k,v) ∈ table[i].bucketContent → i = hash k table.length)” static specvar hash :: “obj ⇒ int ⇒ int” set expressions vardefs “hash == λ k. ( λ n. (abs (hashFunc k)) mod n)” static specvar abs :: “int ⇒ int” quantifiers vardefs “abs == λ m. (if (m < 0) then -m else m)” … */ lambda expressions

Recommend

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
ECE 242 Data Structures Lecture 6 Linked Lists September 21, 2009 ECE242 L6: Linked Lists

ECE 242 Data Structures Lecture 6 Linked Lists September 21, 2009 ECE242 L6: Linked Lists

ECE 242 Data Structures Lecture 6 Linked Lists September 21, 2009 ECE242 L6: Linked Lists Overview Problem: Can we implement data structures using something other than arrays? Individual objects can be more flexible Use references

342 views • 16 slides
Linked Structures Songs, Games, Movies II Fall 2013 Carola Wenk Linked Lists x: y:

Linked Structures Songs, Games, Movies II Fall 2013 Carola Wenk Linked Lists x: y:

Linked Structures Songs, Games, Movies II Fall 2013 Carola Wenk Linked Lists x: y: hello world! The simplest dynamic structures is a linear ordering of data, called a linked list. We saw that is was easy to modify a

391 views • 17 slides
csci 210: Data Structures Linked lists Summary Today linked lists single-linked

csci 210: Data Structures Linked lists Summary Today linked lists single-linked

csci 210: Data Structures Linked lists Summary Today linked lists single-linked lists double-linked lists circular lists READING: LC chapter 4.1, 4.2, 4.3 Arrays vs. Linked Lists We ve seen arrays:

617 views • 34 slides
Linked Structures - Review Chapter 13 Instructor: Scott Kristjanson CMPT 125/125 SFU Burnaby,

Linked Structures - Review Chapter 13 Instructor: Scott Kristjanson CMPT 125/125 SFU Burnaby,

Linked Structures - Review Chapter 13 Instructor: Scott Kristjanson CMPT 125/125 SFU Burnaby, Fall 2013 Scope 2 Introduction to Linked Structures : Object references as links Linked vs. array-based structures Managing linked lists

683 views • 32 slides
Chapter 13 Linked Structures - Stacks Chapter Scope Object references as links Linked vs.

Chapter 13 Linked Structures - Stacks Chapter Scope Object references as links Linked vs.

Chapter 13 Linked Structures - Stacks Chapter Scope Object references as links Linked vs. array-based structures Managing linked lists Linked implementation of a stack Java Foundations, 3rd Edition, Lewis/DePasquale/Chase 13 - 2

619 views • 32 slides
16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types

16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types

Data Structures A data structure is a particular way of organizing data in a computer 16. Dynamic Data Structures so that it can be used efficiently Linked lists, Abstract data types stack, queue 446 447 Motivation: Stack Examples using a

258 views • 7 slides
Functional Data Structures [C. Okasaki, Simple and efficient purely functional queues and deques ,

Functional Data Structures [C. Okasaki, Simple and efficient purely functional queues and deques ,

Functional Data Structures [C. Okasaki, Simple and efficient purely functional queues and deques , J. of Functional Programming, 5(4), 583-592, 1995] [H. Kaplan, R. Tarjan, Purely functional, real-time deques with catenation , Journal of the ACM,

368 views • 8 slides
Self-referential Structures A basic data type (building block) for complex data structures

Self-referential Structures A basic data type (building block) for complex data structures

4/8/14 Self-referential Structures A basic data type (building block) for complex data structures such as trees and linked lists. Linked List Structure tags (i.e. tnode , node ) are required for self-referential structure

257 views • 3 slides
CSCI 136 Data Structures &amp; Advanced Programming Doubly Linked Lists Fall 2020 Bill J Bill

CSCI 136 Data Structures &amp; Advanced Programming Doubly Linked Lists Fall 2020 Bill J Bill

CSCI 136 Data Structures &amp; Advanced Programming Doubly Linked Lists Fall 2020 Bill J Bill L null null This Video Continue discussing lists w/ linked structures Singly Linked Lists Circularly Linked Lists Doubly Linked

439 views • 11 slides
An unsophisticated cooperative approach to prefetching linked data structures Alexander Galazin

An unsophisticated cooperative approach to prefetching linked data structures Alexander Galazin

An unsophisticated cooperative approach to prefetching linked data structures Alexander Galazin Murad Neiman-zade JSC MCST, Moscow EPIC-8, April 24, 2010 An unsophisticated cooperative approach to prefetching linked data structures

962 views • 11 slides
Linked Structures Chapter 13 Instructor: Scott Kristjanson CMPT 125/125 SFU Burnaby, Fall 2013

Linked Structures Chapter 13 Instructor: Scott Kristjanson CMPT 125/125 SFU Burnaby, Fall 2013

Linked Structures Chapter 13 Instructor: Scott Kristjanson CMPT 125/125 SFU Burnaby, Fall 2013 Scope 2 Introduction to Linked Structures : Object references as links Linked vs. array-based structures Managing linked lists

665 views • 35 slides
Linked Data Structures II: Doubly-Linked Lists 1 October 2020 OSU CSE 1 Sequential Access

Linked Data Structures II: Doubly-Linked Lists 1 October 2020 OSU CSE 1 Sequential Access

Linked Data Structures II: Doubly-Linked Lists 1 October 2020 OSU CSE 1 Sequential Access Sequential access usually means accessing the entries of a collection (with a string model) in increasing order of position, by accessing the

463 views • 23 slides
Algorithms and Data Structures: Overview Algorithms and data structures Data Abstraction,

Algorithms and Data Structures: Overview Algorithms and data structures Data Abstraction,

Algorithms and Data Structures: Overview Algorithms and data structures Data Abstraction, Ch. 3 Linked lists, Ch. 4 Recursion, Ch. 5 Stacks, Ch. 6 Queues, Ch. 7 Algorithm Efficiency and Sorting, Ch. 9 Trees, Ch. 10

730 views • 44 slides
Purely Functional Data Structures and Monoids Donnacha Ois n Kidney May 9, 2020 1 Purely

Purely Functional Data Structures and Monoids Donnacha Ois n Kidney May 9, 2020 1 Purely

Purely Functional Data Structures and Monoids Donnacha Ois n Kidney May 9, 2020 1 Purely Functional Data Structures Why Do We Need Them? Why do pure functional languages need a different way to do data structures? Why cant we just

1.5k views • 148 slides
Functional Data Structures Sept 1, 2017 (Multiple diagrams from Purely Functional

Functional Data Structures Sept 1, 2017 (Multiple diagrams from Purely Functional

Functional Data Structures Sept 1, 2017 (Multiple diagrams from Purely Functional Datastructures by Chris Okasaki) CSE 662 - Database Languages &amp; Runtimes 1 Mutable vs Immutable X = [ Alice, Bob, Carol, Dave ] Alice Bob Carol

529 views • 24 slides
Algorithms and Data Structures Linked Lists, Binary Search Trees Albert-Ludwigs-Universitt

Algorithms and Data Structures Linked Lists, Binary Search Trees Albert-Ludwigs-Universitt

Algorithms and Data Structures Linked Lists, Binary Search Trees Albert-Ludwigs-Universitt Freiburg Prof. Dr. Rolf Backofen Bioinformatics Group / Department of Computer Science Algorithms and Data Structures, January 2019 Structure Sorted

846 views • 59 slides
Purely Functional Data Structures Kristjan Vedel November 18, 2012 Abstract This paper gives an

Purely Functional Data Structures Kristjan Vedel November 18, 2012 Abstract This paper gives an

Purely Functional Data Structures Kristjan Vedel November 18, 2012 Abstract This paper gives an introduction and short overview of various topics related to purely functional data structures. First the concept of persistent and purely

297 views • 16 slides
Computer Science 210: Data Structures Linked lists Arrays vs. Linked Lists We ve seen

Computer Science 210: Data Structures Linked lists Arrays vs. Linked Lists We ve seen

Computer Science 210: Data Structures Linked lists Arrays vs. Linked Lists We ve seen arrays: int[] a = new int[10]; a is a chunk of memory of size 10 x sizeof(int) a has a fixed size a[0] a[1] a[2] ... a[9]

691 views • 33 slides
(rooted) trees Oct. 23, 2017 1 Linear Data Structures linked list array Non-Linear Data

(rooted) trees Oct. 23, 2017 1 Linear Data Structures linked list array Non-Linear Data

COMP 250 Lecture 19 (rooted) trees Oct. 23, 2017 1 Linear Data Structures linked list array Non-Linear Data Structures tree graph 2 Tree Example: Organization Hierarchy (McGill) 3

784 views • 40 slides
CS261 Data Structures Linked Lists - Introduction Dynamic Arrays Revisited Dynamic array can

CS261 Data Structures Linked Lists - Introduction Dynamic Arrays Revisited Dynamic array can

CS261 Data Structures Linked Lists - Introduction Dynamic Arrays Revisited Dynamic array can sometimes be slow When? Why? Linked Lists to the Rescue Dynamic Array Linked List in memory in memory da LL Alan Newell data head a

420 views • 15 slides
COMP 213 Advanced Object-oriented Programming Lecture 13 Linked Lists. Linked Lists The

COMP 213 Advanced Object-oriented Programming Lecture 13 Linked Lists. Linked Lists The

COMP 213 Advanced Object-oriented Programming Lecture 13 Linked Lists. Linked Lists The array and the linked list are the two primary building blocks for the more complex data structures. Difference: underlying layout of the data in

760 views • 62 slides
Struktur Data &amp; Algoritme ( Data Structures &amp; Algorithms ) Linked-List Denny (

Struktur Data &amp; Algoritme ( Data Structures &amp; Algorithms ) Linked-List Denny (

Struktur Data &amp; Algoritme ( Data Structures &amp; Algorithms ) Linked-List Denny ( denny@cs.ui.ac.id ) Suryana Setiawan ( setiawan@cs.ui.ac.id ) Fakultas I lm u Kom puter Universitas I ndonesia Sem ester Genap - 2 0 0 4 / 2 0 0 5 Version 2

562 views • 25 slides
Introduction to Object-Oriented Programming Linked Lists Christopher Simpkins

Introduction to Object-Oriented Programming Linked Lists Christopher Simpkins

Introduction to Object-Oriented Programming Linked Lists Christopher Simpkins chris.simpkins@gatech.edu CS 1331 (Georgia Tech) 1 / 13 Linked Lists Linked Lists Dynamic data structures Singly linked lists Generic linked lists Doubly linked

179 views • 13 slides

More recommend