1 / 12

Automated Verification of Immutable Lists and Concurrent Programs with HIP and SLEEK

This document explores the automated verification techniques using HIP and SLEEK for manipulating immutable data structures such as linked lists and for ensuring correctness in concurrent programming. It provides examples of list length calculation, appending nodes to immutable lists, and demonstrates the handling of aliasing and memory safety. Detailed specifications ensure shared mutable accesses do not lead to data races or deadlocks, highlighting the importance of functional correctness in concurrent environments. This work aims to make formal verification more concise and accurate.

annot
Télécharger la présentation

Automated Verification of Immutable Lists and Concurrent Programs with HIP and SLEEK

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Automated Verification withHIP and SLEEK Asankhaya Sharma

  2. Recall the List length Example int length(struct node* p)/*@requires p::list<n,B>ensures p::list<n,B> & res=n;*/{ if(p == NULL) return 0; else return 1 + length(p->next);} Memory Safety Length of the List Bag of Values

  3. With Immutability int length(struct node* p)/*@requires p::list<>@I ensures res=n;*/{ if(p == NULL) return 0; else return 1 + length(p->next);} With Immutability Annotation More concise and precise specification

  4. Recall the List Append Example void append(node* x, node* y)requires x::list<n> & x != null & x = yensures requires x::list<n> & x != null ensures{ if(x->next==NULL) x->next=y; else append(x->next,y);} x::clist<n> x::lseg<y,n>

  5. With Immutability void append(node* x, node* y)requires x::lseg<p>@I * p::node<a,null>ensures p::node<a,y>{ if(x->next==NULL) x->next=y; else append(x->next,y);} Immutable List Segment Cut point preservation

  6. Aliasing Example int foo(cell x, cell y)requires x::cell<a> * y::cell<b> ensures x::cell<a> * y::cell<b> & res = a+b requires x::cell<a> & x = yensures x::cell<a> & res = 2*a;{ return x.val + y.val;}

  7. Heap Sharing with Immutability int foo(cell x, cell y)requires x::cell<a>@I &y::cell<b>@Iensures res = a+b{ return x.val + y.val;} Allows Aliasing

  8. Immutable Specifications • Many programs do not change their input • Use immutable specifications, where possible • More information (about the code) • More concise (for multiple pre/post) • More accurate (as cut points are preserved) • More efficient (as less folding is needed) • More control (don’t modify data)

  9. Verification of Concurrent Programs • Fork/join concurrency + (mutex) locks + barriers • Properties • Functional correctness • Data-race freedom • Deadlock freedom • Permission-based heaps, e.g. x::cell(0.5)<1> * y::cell(0.5)<2>

  10. Example : thread as resource data cell { intval;} • void thread1 (cell x) requires x::cell<0> * y::cell<0>ensures x::cell<1> * y::cell<2> ; • { x.val = x.val + 1; • y.val = y.val + 2;} • void thread2 (thrd t1, cell y) requires t1::thrd<y::cell<2>>ensures y::cell<4> ;{ join(t1); • y.val = y.val + 2;} void main() requires true ensure true; { cell x = new cell(0); • cell y = new cell(0); • thrd t1 = fork(thread1,x,y); • //{t1::thrd<x::cell<1> * y::cell<2>>} • //{t1::thrd<x::cell<1>> * t1::thread<y::cell<2>>} • thrd t2 = fork(thread2,t1,y); • //{t1::thrd<x::cell<1>> • join(t1); • x.val = x.val + 1; • join(t2); • assert( x::cell<2> * y::cell<4> ); }

  11. Example main x,y thread1 x,y thrd t1 = fork(thread1,x,y); t1 thread2 thrd t2 = fork(thread2,t1,y); t1 t1,t2 x y join(t1); join(t1); multi-join t2,x y join(t2); x,y

  12. Further Reading • David, Cristina, and Wei-Ngan Chin. "Immutable specifications for more concise and precise verification." In ACM SIGPLAN Notices, vol. 46, no. 10, pp. 359-374. ACM, 2011.

More Related