Verifying the Composite Pattern using Separation Logic
Bart Jacobs, Jan Smans, Frank Piessens
Katholieke Universiteit Leuven, Belgium
Overview
• General Idea
• Example: Binary Tree
  • Interface
  • Client
  • Specification
  • Client Proof
  • Implementation and Implementation Proof
• Non-contiguous Focus Changes
• Demonstration
• Conclusion
General Idea (diagram: module, client, invariant)
Example: Binary Tree. Specification: datatype tree (diagram: nodes n0, n1, n2, n3)
tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)
Example: Binary Tree. Spec’n: pure function count (diagram: nodes n0, n1, n2, n3)
count(tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil)) = 4
Example: Binary Tree. Spec’n: datatype context (diagram: root, n0, n1, n2)
left_context(root, n0, nil)
right_context(left_context(root, n0, nil), n1, tree(n2, nil, nil))
Example: Binary Tree. Spec’n: predicate tree, focus node n0 (diagram: memory region, nodes n0, n1, n2, n3)
tree(n0, root, tree(n0, tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)), nil))
Example: Binary Tree. Spec’n: predicate tree, focus node n1 (diagram: memory region, nodes n0, n1, n2, n3)
tree(n1, left_context(root, n0, nil), tree(n1, tree(n2, nil, nil), tree(n3, nil, nil)))
Example: Binary Tree. Spec’n: predicate tree, focus node n3 (diagram: memory region, nodes n0, n1, n2, n3)
tree(n3, right_context(left_context(root, n0, nil), n1, tree(n2, nil, nil)), tree(n3, nil, nil))
Example: Binary Tree. Spec’n: function create_tree (diagram: focus node, result)
Example: Binary Tree. Spec’n: function tree_add_left (diagram: focus node, c, node, result, r)
Example: Binary Tree. Spec’n: function tree_get_count (diagram: focus node, c, node, t)
Example: Binary Tree. Spec’n: function tree_get_parent, case left_context (diagram: focus node, pns, p, node, t, r)
Example: Binary Tree. Spec’n: function tree_dispose (diagram: focus node, node)
Example: Binary Tree. Implementation: predicate tree (diagram: focus node, c, node, subtree)
context(node, parent, count(subtree), c)
subtree(node, parent, subtree)
Example: Binary Tree. Implementation: predicate subtree (diagram: node, left, right, left-Nodes, right-Nodes)
node->left |-> left
node->right |-> right
node->parent |-> parent
node->count |-> count(t)
malloc_block_node(node)
Example: Binary Tree. Implementation: predicate context (diagram: pns, p, n, right, r)
p->left |-> n
p->right |-> right
p->parent |-> gp
p->count |-> pcount
malloc_block_node(p)
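The interface and implementation slides above, as an added C example that is not the authors' VeriFast code: it uses the node layout of the subtree predicate (left, right, parent, count), implements the interface functions, and adds a runtime check of the count invariant the predicate expresses; tree_add_right, attach, check_subtree and tree_invariant_holds are assumed names not on the slides. The loop in attach is the point of the context predicate: a node added at the focus changes the count of every ancestor, not just the focus node.

```c
#include <stdlib.h>
#include <stdbool.h>

/* Node layout from the slides' subtree predicate: left, right, parent, count.
   Invariant: count == number of nodes in the subtree rooted at this node. */
struct node { struct node *left, *right, *parent; int count; };

struct node *create_tree(void) {
    struct node *n = calloc(1, sizeof *n);   /* malloc_block_node(n) */
    if (n == NULL) abort();
    n->count = 1;                             /* count(tree(n, nil, nil)) */
    return n;
}
/* Attach a fresh leaf at an empty slot of the focus node (assumed helper).
   The count of every ancestor changes too: that is the non-contiguous update
   the slides' context predicate accounts for. */
static struct node *attach(struct node *node, struct node **slot) {
    if (*slot != NULL) abort();               /* precondition: slot is nil */
    struct node *n = create_tree();
    n->parent = node;
    *slot = n;
    for (struct node *p = node; p != NULL; p = p->parent) p->count++;
    return n;
}
struct node *tree_add_left(struct node *node)  { return attach(node, &node->left); }
struct node *tree_add_right(struct node *node) { return attach(node, &node->right); }
int tree_get_count(struct node *node)          { return node->count; }
struct node *tree_get_parent(struct node *node){ return node->parent; }
/* Recompute the subtree size and compare with the cached counts and parent
   links; returns the size, or -1 where the invariant is broken (assumed helper). */
static int check_subtree(struct node *n, struct node *parent) {
    if (n == NULL) return 0;
    if (n->parent != parent) return -1;
    int l = check_subtree(n->left, n), r = check_subtree(n->right, n);
    if (l < 0 || r < 0 || n->count != 1 + l + r) return -1;
    return n->count;
}
/* Invariant check for the whole structure reachable from any focus node. */
bool tree_invariant_holds(struct node *node) {
    while (node->parent != NULL) node = node->parent;
    return check_subtree(node, NULL) >= 0;
}
static void dispose_subtree(struct node *n) {
    if (n == NULL) return;
    dispose_subtree(n->left); dispose_subtree(n->right); free(n);
}
/* Dispose the whole tree given any focus node. */
void tree_dispose(struct node *node) {
    while (node->parent != NULL) node = node->parent;
    dispose_subtree(node);
}
```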
Non-contiguous Focus Changes: Additional Specification Elements
Conclusion
• Approach:
  • Structure = 1 seplogic predicate
  • In proof: separate out focus node
  • In client: change focus node using lemma
• VeriFast: www.cs.kuleuven.be/~bartj/verifast