Formalized Verification of Snapshotable Trees: Separation and Sharing

We use separation logic to specify and verify a Java program that implements snapshotable search trees, fully formalizing both the specification and the verification in the Coq proof assistant. We achieve local and modular reasoning about a tree, its snapshots and their iterators, even though the implementation uses shared mutable heap data structures with no separation or ownership relation between the tree, its snapshots and their iterators. The paper also introduces a series of four increasingly sophisticated implementations and verifies the first one. The other three are left as future work and offered as a set of challenge problems for full functional specification and verification, whether by separation logic or by other formalisms.
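To make concrete what "shared mutable heap data with no separation between the tree, its snapshots and their iterators" means, here is an added example written for this page; it is not the paper's verified Java code and makes several simplifying assumptions (an unbalanced binary search tree with integer keys, insertion only, read-only snapshots, snapshots implemented by copy-on-write path copying). The class and function names are likewise assumptions. The point it shows is that a snapshot costs O(1) because it simply aliases the live root, that an iterator started over a snapshot keeps yielding the snapshot's contents while the live tree is updated, and that after an update most nodes are still physically shared between the live tree and the snapshot, which is exactly the aliasing a verification must reason about.

```python
"""Minimal snapshotable search tree sharing heap nodes between the live
tree and its snapshots. Added illustration only; not the paper's code."""

from typing import Iterator, Optional, Tuple


class Node:
    __slots__ = ("key", "left", "right")

    def __init__(self, key: int, left: "Optional[Node]" = None,
                 right: "Optional[Node]" = None) -> None:
        self.key, self.left, self.right = key, left, right


def inorder(n: Optional[Node]) -> Iterator[int]:
    """Iterative in-order traversal; holds references to live heap nodes."""
    stack = []
    while stack or n is not None:
        while n is not None:
            stack.append(n)
            n = n.left
        n = stack.pop()
        yield n.key
        n = n.right


class Snapshot:
    """Read-only view pinned to the root that was live when it was taken."""

    def __init__(self, root: Optional[Node]) -> None:
        self.root = root

    def __iter__(self) -> Iterator[int]:
        return inorder(self.root)


class SnapshotableTree:
    """Live tree. Nodes are updated in place until the first snapshot is
    taken; afterwards every insert copies only the root-to-leaf path, so
    nodes reachable from a snapshot are never mutated while the untouched
    subtrees remain shared between the live tree and the snapshot."""

    def __init__(self) -> None:
        self.root: Optional[Node] = None
        self.shared = False  # set once a snapshot may alias our nodes

    def snapshot(self) -> Snapshot:
        self.shared = True   # O(1): nothing is copied at snapshot time
        return Snapshot(self.root)

    def insert(self, key: int) -> bool:
        """Insert key; returns True if it was not already present."""
        if self.shared:
            self.root, added = self._insert_copying(self.root, key)
            return added
        return self._insert_in_place(key)

    def _insert_in_place(self, key: int) -> bool:
        if self.root is None:
            self.root = Node(key)
            return True
        n = self.root
        while True:
            if key == n.key:
                return False
            nxt = n.left if key < n.key else n.right
            if nxt is None:
                if key < n.key:
                    n.left = Node(key)
                else:
                    n.right = Node(key)
                return True
            n = nxt

    def _insert_copying(self, n: Optional[Node], key: int) -> Tuple[Optional[Node], bool]:
        # Path copying: a fresh node for every ancestor of the new leaf;
        # the sibling subtree pointer is reused unchanged (shared).
        if n is None:
            return Node(key), True
        if key == n.key:
            return n, False
        if key < n.key:
            left, added = self._insert_copying(n.left, key)
            return (Node(n.key, left, n.right) if added else n), added
        right, added = self._insert_copying(n.right, key)
        return (Node(n.key, n.left, right) if added else n), added

    def __iter__(self) -> Iterator[int]:
        return inorder(self.root)


def demo() -> dict:
    """Constructed scenario: take a snapshot, start iterating it, then
    mutate the live tree while that iterator is still in progress."""
    t = SnapshotableTree()
    for k in (50, 30, 70, 20, 40):
        t.insert(k)
    root_before = t.root
    t.insert(60)                       # no snapshot yet: in-place update
    in_place = t.root is root_before

    snap = t.snapshot()
    it = iter(snap)
    first = next(it)                   # iterator now holds snapshot nodes
    t.insert(10)                       # copies the path 50 -> 30 -> 20 only
    t.insert(80)                       # copies the path 50 -> 70 only
    return {
        "live": list(t),
        "snapshot": list(snap),
        "iterator": [first] + list(it),
        "in_place_before_snapshot": in_place,
        "root_shared": t.root is snap.root,                         # copied
        "node40_shared": t.root.left.right is snap.root.left.right,  # shared
        "node60_shared": t.root.right.left is snap.root.right.left,  # shared
    }
```

The `is` checks at the end are the heart of it: after two inserts the live root, the node 30 and the node 70 are fresh copies, but nodes 40 and 60 (and their subtrees) are the very same objects the snapshot and its running iterator still point to. A separation-logic specification cannot describe the live tree and the snapshot as disjoint heaps; the paper's contribution is to still obtain local, modular specifications for each of them despite this sharing.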
