Modular verification of linked lists with views via separation logic

We present a separation logic specification and verification of linked lists with views, a data structure from the C5 collection library for C#. A view is a generalization of the well-known concept of an iterator. Linked lists with views form an interesting case study for verification since they allow mutation of multiple possibly-overlapping views of the same underlying list. For modularity, we present our specification in a fragment of higher-order separation logic and use abstract predicates to give a specification with respect to which clients can be proved correct. We introduce a novel mathematical model of lists with views, and formulate succinct modular abstract specifications of the operations on the data structure. To show that the concrete implementation realizes the specification, we use fractional permissions in a novel way to capture the sharing of data between views and their underlying list. We conclude by suggesting directions for future research that arose from conducting this case study.
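The abstract refers to views as live, possibly overlapping windows onto one shared list, where a mutation made through any view is visible through every other. The following executable model is an added illustration, not the C5 library's code and not the paper's formal model or separation logic specification. It assumes a simplified semantics (chosen here, not taken from C5): a view is the run of nodes strictly between two boundary nodes of the underlying list, an insertion at a view's own start or end lands inside that view, and when a boundary node is removed the view's boundary slides outward so the view keeps its surviving elements. The class names `LinkedList`, `View` and `Node` and the helper `demo` are this example's own.

```python
"""Executable model of a doubly linked list with live, overlapping views.

Added illustration only: not C5's implementation and not the paper's model.
A view stores no copy of its elements; it is defined by two boundary nodes
of the shared list, so every mutation of the list is seen by every view.
"""
from __future__ import annotations

from typing import Iterator, Optional


class Node:
    __slots__ = ("value", "prev", "next")

    def __init__(self, value=None):
        self.value = value
        self.prev: Optional[Node] = None
        self.next: Optional[Node] = None


class LinkedList:
    """Doubly linked list with header/trailer sentinels and a registry of views."""

    def __init__(self, items=()):
        self.header = Node()
        self.trailer = Node()
        self.header.next = self.trailer
        self.trailer.prev = self.header
        self._views: list[View] = []
        for x in items:
            self._insert_before(self.trailer, x)

    def _insert_before(self, node: Node, value) -> Node:
        new = Node(value)
        new.prev, new.next = node.prev, node
        node.prev.next = new
        node.prev = new
        return new

    def _unlink(self, node: Node) -> None:
        # Assumed rule: a view whose boundary is the removed node slides that
        # boundary outwards, so it never holds a dangling node reference and
        # keeps exactly the same surviving elements.
        for v in self._views:
            if v._before is node:
                v._before = node.prev
            if v._after is node:
                v._after = node.next
        node.prev.next = node.next
        node.next.prev = node.prev
        node.prev = node.next = None

    def _walk(self, start: Node, end: Node) -> Iterator[Node]:
        n = start.next
        while n is not end:
            yield n
            n = n.next

    def view(self, start: int, count: int) -> View:
        """Open a view over positions [start, start + count) of the list."""
        nodes = list(self._walk(self.header, self.trailer))
        if start < 0 or count < 0 or start + count > len(nodes):
            raise IndexError("view out of range")
        before = self.header if start == 0 else nodes[start - 1]
        after = self.trailer if start + count == len(nodes) else nodes[start + count]
        v = View(self, before, after)
        self._views.append(v)
        return v

    def items(self) -> list:
        return [n.value for n in self._walk(self.header, self.trailer)]


class View:
    """Window onto the nodes strictly between two boundary nodes of the list."""

    def __init__(self, owner: LinkedList, before: Node, after: Node):
        self._owner = owner
        self._before = before
        self._after = after

    def _nodes(self) -> list:
        return list(self._owner._walk(self._before, self._after))

    def items(self) -> list:
        return [n.value for n in self._nodes()]

    def __len__(self) -> int:
        return len(self._nodes())

    def insert(self, index: int, value) -> None:
        # Assumed rule: index == len(view) inserts just inside the view's end.
        nodes = self._nodes()
        if not 0 <= index <= len(nodes):
            raise IndexError("insert index out of range")
        target = self._after if index == len(nodes) else nodes[index]
        self._owner._insert_before(target, value)

    def remove_at(self, index: int):
        node = self._nodes()[index]   # IndexError if out of range
        self._owner._unlink(node)
        return node.value


def demo():
    """Two overlapping views; each sees the other's mutations."""
    lst = LinkedList("abcde")        # constructed sample input
    left = lst.view(0, 3)            # a b c
    right = lst.view(2, 3)           # c d e   (overlaps `left` on c)
    right.insert(0, "x")             # lands before c, inside both windows
    snap1 = (lst.items(), left.items(), right.items())
    left.remove_at(1)                # removes b, which is `right`'s boundary
    snap2 = (lst.items(), left.items(), right.items())
    return snap1, snap2


if __name__ == "__main__":
    for snap in demo():
        print("list=%s left=%s right=%s" % snap)
```

Running `demo()` shows the point the abstract makes about sharing: after `right.insert(0, "x")` both views and the list report the new element, and removing `b` through `left` silently re-bases `right`, whose boundary node was `b`, without changing the elements `right` exposes. The verification task the paper tackles is to specify exactly this aliasing, which is why ordinary per-object ownership is not enough and fractional permissions are used to split ownership of the nodes between the list and its views.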
