Verifying the Composite Pattern using Separation Logic
Bart Jacobs, Jan Smans, Frank Piessens
Katholieke Universiteit Leuven, Belgium
Overview
- General Idea
- Example: Binary Tree
  - Interface
  - Client
  - Specification
  - Client Proof
  - Implementation and Implementation Proof
- Non-contiguous Focus Changes
- Demonstration
- Conclusion

General Idea
(figure: Module, Client, Invariant)

Example: Binary Tree: Interface

Example: Binary Tree: Client

Example: Binary Tree: Specification

Example: Binary Tree: Specification: Datatype tree
Example tree with nodes n0, n1, n2, n3 (n1 is the left child of n0; n2 and n3 are the left and right children of n1):
  tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)

Example: Binary Tree: Specification: Pure function count
  count(tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)) = 4

Example: Binary Tree: Specification: Datatype context
Contexts for the same example tree:
  root
  left_context(root, n0, nil)
  right_context(left_context(root, n0, nil), n1, tree(n2, nil, nil))

Example: Binary Tree: Specification: Predicate tree
The predicate tree(focus node, context, subtree) describes the memory region of the whole structure from the point of view of a focus node:
  focus node n0: tree(n0, root, tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil))
  focus node n1: tree(n1, left_context(root, n0, nil), tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)))
  focus node n3: tree(n3, right_context(left_context(root, n0, nil), n1, tree(n2, nil, nil)), tree(n3, nil, nil))

Example: Binary Tree: Specification: Function create_tree
(figure: the new focus node is the result)

Example: Binary Tree: Specification: Function tree_add_left
(figure: focus node with context c before the call; afterwards the new node r, the result, is the left child and the focus node)

Example: Binary Tree: Specification: Function tree_get_count
(figure: focus node with context c and subtree t; the focus node is unchanged by the call)

Example: Binary Tree: Specification: Function tree_get_parent (case left_context)
(figure: focus node with parent p, parent context pns, subtree t and right sibling subtree r; afterwards p is the focus node)

Example: Binary Tree: Specification: Function tree_dispose
(figure: focus node and the whole structure are consumed)

Example: Binary Tree: Client Proof

Example: Binary Tree: Implementation: struct node

Example: Binary Tree: Implementation: predicate tree
(figure: the region of the focus node is split into context(node, parent, count(subtree), c) for the part above the node and subtree(node, parent, subtree) for the part below it)

Example: Binary Tree: Implementation: predicate subtree
(figure: for a node with datatype value t, the chunks node->left |-> left, node->right |-> right, node->parent |-> parent, node->count |-> count(t) and malloc_block_node(node), together with the subtree predicates of left and right, with datatype values leftNodes and rightNodes)

Example: Binary Tree: Implementation: predicate context
(figure: for a parent p of node n, the chunks p->left |-> n, p->right |-> right, p->parent |-> gp, p->count |-> pcount and malloc_block_node(p), together with the context of p (pns) and the right sibling subtree r)

Example: Binary Tree: Implementation: function create_tree

Example: Binary Tree: Implementation: function subtree_get_count

Example: Binary Tree: Implementation: function fixup_ancestors

Example: Binary Tree: Implementation: function tree_add_left

Example: Binary Tree: Implementation: function tree_get_count

Example: Binary Tree: Implementation: function tree_get_parent
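As an added example (my own plain C, not the authors' VeriFast-annotated code), an implementation of the interface the slides name, with the per-node count that fixup_ancestors must repair along the context whenever a node is added. The tree_add_right helper, the runtime counts_consistent check (the pure count of the specification recomputed from the heap) and the example_* query functions are assumptions added for illustration; the proof in the talk establishes the count invariant statically rather than by such a check.

```c
#include <stdlib.h>
/* Composite-pattern binary tree as the slides sketch it: each node stores
   left, right, parent and the size of its own subtree (count). */
struct node { struct node *left, *right, *parent; int count; };
static struct node *new_node(struct node *parent) {
    struct node *n = malloc(sizeof *n); if (n == NULL) abort();
    n->left = n->right = NULL; n->parent = parent; n->count = 1;
    return n;
}
struct node *create_tree(void) { return new_node(NULL); }
/* Invariant: count == nodes in the subtree. Adding a node breaks it for every
   ancestor in the context, so walk the parent chain and repair them. */
static void fixup_ancestors(struct node *n, int delta) {
    for (struct node *p = n->parent; p != NULL; p = p->parent) p->count += delta;
}
/* Precondition (assumed, as in the focus-node spec): the chosen slot is empty. */
static struct node *add_child(struct node *n, int on_left) {
    struct node *c = new_node(n);
    if (on_left) n->left = c; else n->right = c;
    fixup_ancestors(c, 1);
    return c;
}
struct node *tree_add_left(struct node *n) { return add_child(n, 1); }
struct node *tree_add_right(struct node *n) { return add_child(n, 0); } /* assumed */
int tree_get_count(struct node *n) { return n->count; }
struct node *tree_get_parent(struct node *n) { return n->parent; }
/* Pure count(t) of the spec recomputed from the heap, and a runtime invariant check. */
static int spec_count(const struct node *n) {
    return n == NULL ? 0 : 1 + spec_count(n->left) + spec_count(n->right);
}
int counts_consistent(const struct node *n) {
    return n == NULL || (n->count == spec_count(n) && counts_consistent(n->left) && counts_consistent(n->right));
}
static void dispose(struct node *n) { if (n != NULL) { dispose(n->left); dispose(n->right); free(n); } }
/* Frees the whole structure from any focus node by first walking to the root. */
void tree_dispose(struct node *n) { while (n->parent != NULL) n = n->parent; dispose(n); }
/* Builds the slides' tree (n0 -> n1 left; n1 -> n2 left, n3 right) and queries it:
   which 0 = count(n0) reached via parent links from n2, 1 = count(n1), 2 = invariant. */
static int example_query(int which) {
    struct node *n0 = create_tree(), *n1 = tree_add_left(n0), *n2 = tree_add_left(n1);
    tree_add_right(n1);
    int r = which == 0 ? tree_get_count(tree_get_parent(tree_get_parent(n2)))
          : which == 1 ? tree_get_count(n1) : counts_consistent(n0);
    tree_dispose(n2);  /* dispose from a non-root focus node */
    return r;
}
int example_root_count(void) { return example_query(0); }      /* returns 4 */
int example_n1_count(void) { return example_query(1); }        /* returns 3 */
int example_invariant_holds(void) { return example_query(2); } /* returns 1 */
```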
Non-contiguous Focus Changes: Example Client Program

Non-contiguous Focus Changes: Additional Specification Elements

Non-contiguous Focus Changes: Proof of Example Client Program

Non-contiguous Focus Changes: Proof of lemma change_focus
Conclusion
- Approach:
  - Structure = 1 seplogic predicate
  - In proof: Separate out focus node
  - In client: Change focus node using lemma
- VeriFast: www.cs.kuleuven.be/~bartj/verifast