research-article
Open Access
Artifacts Available
Artifacts Evaluated & Functional

Certifying graph-manipulating C programs via localizations within data structures

Published: 10 October 2019

Abstract

We develop powerful and general techniques to mechanically verify realistic programs that manipulate heap-represented graphs. These graphs can exhibit well-known organization principles, such as being a directed acyclic graph or a disjoint-forest; alternatively, these graphs can be totally unstructured. The common thread for such structures is that they exhibit deep intrinsic sharing and can be expressed using the language of graph theory. We construct a modular and general setup for reasoning about abstract mathematical graphs and use separation logic to define how such abstract graphs are represented concretely in the heap. We develop a Localize rule that enables modular reasoning about such programs, and show how this rule can support existential quantifiers in postconditions and smoothly handle modified program variables. We demonstrate the generality and power of our techniques by integrating them into the Verified Software Toolchain and certifying the correctness of seven graph-manipulating programs written in CompCert C, including a 400-line generational garbage collector for the CertiCoq project. While doing so, we identify two places where the semantics of C is too weak to define generational garbage collectors of the sort used in the OCaml runtime. Our proofs are entirely machine-checked in Coq.


Supplemental Material

a171-wang: Presentation at OOPSLA '19

