Abstract
Programs manipulating mutable data structures with intrinsic sharing present a challenge for modular verification. Deep aliasing inside data structures dramatically complicates reasoning in isolation over parts of these objects because changes to one part of the structure (say, the left child of a dag node) can affect other parts (the right child or some of its descendants) that may point into it. The result is that finding intuitive and compositional proofs of correctness is usually a struggle. We propose a compositional proof system that enables local reasoning in the presence of sharing.
While the AI "frame problem" elegantly captures the reasoning required to verify programs without sharing, we contend that natural reasoning about programs with sharing instead requires an answer to a different and more challenging AI problem, the "ramification problem": reasoning about the indirect consequences of actions. Accordingly, we present a RAMIFY proof rule that attacks the ramification problem head-on and show how to reason with it. Our framework is valid in any separation logic and permits sound compositional and local reasoning in the context of both specified and unspecified sharing. We verify the correctness of a number of examples, including programs that manipulate dags, graphs, and overlaid data structures in nontrivial ways.
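The following Python snippet is an added illustration of the situation the abstract describes; it is not code from the paper. It builds a tree (no sharing) and a dag whose left and right children share a descendant, then marks everything under the left child and reports how many nodes under the right child changed as an indirect consequence. All names (Node, mark_subtree, ramification, ...) are this example's own.

```python
"""Why sharing breaks purely local (frame-style) reasoning: an added example."""
from __future__ import annotations

from dataclasses import dataclass
from typing import List, Optional


@dataclass(eq=False)  # eq=False: node identity (aliasing), not contents, is what matters
class Node:
    name: str
    left: Optional["Node"] = None
    right: Optional["Node"] = None
    marked: bool = False


def reachable(n: Optional[Node]) -> List[Node]:
    """All distinct nodes reachable from n (each shared node listed once)."""
    out: List[Node] = []
    seen = set()
    stack = [n]
    while stack:
        x = stack.pop()
        if x is None or id(x) in seen:
            continue
        seen.add(id(x))
        out.append(x)
        stack.append(x.left)
        stack.append(x.right)
    return out


def mark_subtree(n: Optional[Node]) -> int:
    """Set `marked` on every node reachable from n; return how many were newly marked."""
    newly = 0
    for x in reachable(n):
        if not x.marked:
            x.marked = True
            newly += 1
    return newly


def count_marked(n: Optional[Node]) -> int:
    return sum(1 for x in reachable(n) if x.marked)


def shared_names(a: Optional[Node], b: Optional[Node]) -> List[str]:
    """Names of nodes reachable from both a and b: the overlap a RAMIFY-style
    rule has to account for, and which a plain frame rule assumes is empty."""
    ids_b = {id(x) for x in reachable(b)}
    return sorted(x.name for x in reachable(a) if id(x) in ids_b)


def build_tree() -> Node:
    # Constructed input: left and right subtrees occupy disjoint heap regions.
    return Node("root",
                Node("l", Node("ll"), Node("lr")),
                Node("r", Node("rl"), Node("rr")))


def build_dag() -> Node:
    # Constructed input: node `shared` is a child of both `l` and `r`.
    shared = Node("shared")
    return Node("root",
                Node("l", shared, Node("lr")),
                Node("r", shared, Node("rr")))


def ramification(root: Node) -> int:
    """Update the left child's subtree and measure the indirect effect on the
    right child's subtree. 0 means local (frame) reasoning about root.left
    was sound; anything else is a ramification that must be reasoned about."""
    before = count_marked(root.right)
    mark_subtree(root.left)
    return count_marked(root.right) - before


if __name__ == "__main__":
    print("tree:", ramification(build_tree()), "node(s) under root.right changed")
    print("dag: ", ramification(build_dag()), "node(s) under root.right changed")
```

For the tree the answer is 0: the left update is invisible from the right, which is exactly what the separation-logic frame rule licenses. For the dag the answer is 1: marking the left subtree also marks `shared`, which the right subtree can observe, so any specification of the right child written before the update is now stale unless the overlap is taken into account.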
The ramifications of sharing in data structures. Published in POPL '13: Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages.