1 / 36

Verifying the Composite Pattern using Separation Logic

Verifying the Composite Pattern using Separation Logic. Bart Jacobs Jan Smans Frank Piessens Katholieke Universiteit Leuven, Belgium. Overview. General Idea Example: Binary Tree Interface Client Specification Client Proof Implementation and Implementation Proof

fall
Download Presentation

Verifying the Composite Pattern using Separation Logic

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Verifying the Composite Pattern using Separation Logic Bart Jacobs Jan Smans Frank Piessens Katholieke Universiteit Leuven, Belgium

  2. Overview • General Idea • Example: Binary Tree • Interface • Client • Specification • Client Proof • Implementation and Implementation Proof • Non-contiguous Focus Changes • Demonstration • Conclusion

  3. General Idea Module Client Invariant

  4. Example: Binary TreeInterface

  5. Example: Binary TreeClient

  6. Example: Binary TreeSpecification

  7. Example: Binary TreeSpecification: Datatype tree n0 n1 n2 n3 tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)

  8. Example: Binary TreeSpec’n: Pure function count n0 n1 n2 n3 count(tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)) = 4

  9. Example: Binary TreeSpec’n: Datatype context root left_context(root, n0, nil) right_context(left_context(root, n0, nil), n1, tree(n2, nil, nil)) n0 n0 n1 n2

  10. Example: Binary TreeSpec’n: Predicate tree focus node memory region tree(n0, root, tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)) n0 n1 n2 n3

  11. Example: Binary TreeSpec’n: Predicate tree memory region n0 tree(n1, left_context(root, n0, nil), tree(n1, tree(n2, nil, nil), tree(n3, nil, nil))) focus node n1 n2 n3

  12. Example: Binary TreeSpec’n: Predicate tree memory region n0 tree(n3, right_context( left_context(root, n0, nil), n1, tree(n2, nil, nil)), tree(n3, nil, nil)) n1 n2 n3 focus node

  13. Example: Binary TreeSpec’n: Function create_tree focus node result

  14. Example: Binary TreeSpec’n: Function tree_add_left focus node c c node node result r r focus node

  15. Example: Binary TreeSpec’n: Function tree_get_count focus node focus node c c node node t t

  16. Example: Binary TreeSpec’n: Function tree_get_parent (case left_context) focus node pns pns p p node node t r t r focus node

  17. Example: Binary TreeSpec’n: Function tree_dispose focus node node

  18. Example: Binary TreeClient Proof

  19. Example: Binary TreeImplementation: struct node

  20. Example: Binary TreeImplementation: predicate tree focus node context(node, parent, count(subtree), c) c node c node node subtree subtree(node, parent, subtree) subtree

  21. Example: Binary TreeImplementation: predicate subtree left left-Nodes node->left |-> left node node->right |-> right left right right node->parent |-> parent left-Nodes right-Nodes right-Nodes node->count |-> count(t) malloc_block_node(node)

  22. Example: Binary TreeImplementation: predicate context pns p p->left |-> n pns p p->right |-> right n right right p->parent |-> gp r r p->count |-> pcount malloc_block_node(p)

  23. Example: Binary TreeImplementation: function create_tree

  24. Example: Binary TreeImpl’n: function subtree_get_count

  25. Example: Binary TreeImpl’n: function fixup_ancestors

  26. Example: Binary TreeImpl’n: function tree_add_left

  27. Example: Binary TreeImpl’n: function tree_get_count

  28. Example: Binary TreeImpl’n: function tree_get_parent

  29. Overview • General Idea • Example: Binary Tree • Interface • Client • Specification • Client Proof • Implementation and Implementation Proof • Non-contiguous Focus Changes • Demonstration • Conclusion

  30. Non-contiguous Focus ChangesExample Client Program

  31. Non-contiguous Focus ChangesAdditional Specification Elements

  32. Non-contiguous Focus ChangesProof of Example Client Program

  33. Non-contiguous Focus ChangesProof of lemma change_focus

  34. Overview • General Idea • Example: Binary Tree • Interface • Client • Specification • Client Proof • Implementation and Implementation Proof • Non-contiguous Focus Changes • Demonstration • Conclusion

  35. Overview • General Idea • Example: Binary Tree • Interface • Client • Specification • Client Proof • Implementation and Implementation Proof • Non-contiguous Focus Changes • Demonstration • Conclusion

  36. Conclusion • Approach: • Structure = 1 seplogic predicate • In proof: Separate out focus node • In client: Change focus node using lemma • VeriFast: www.cs.kuleuven.be/~bartj/verifast

More Related