Automating Separation Logic with Trees and Data. Ruzica Piskac (Yale University), Thomas Wies (New York University), Damien Zufferey (MIT CSAIL). CAV, 22.07.2014.

Presentation transcript:

Automating Separation Logic with Trees and Data. Ruzica Piskac (Yale University), Thomas Wies (New York University), Damien Zufferey (MIT CSAIL). CAV, Vienna.

Motivation: extracting the max element in a BST

    procedure extract_max(root: Node, pr: Node) returns (new_root: Node, max: Node)
    {
      var c, m: Node;
      if (root.right != null) {
        c, m := extract_max(root.right, root);
        root.right := c;
        return root, m;
      } else {
        c := root.left;
        root.parent := null;
        if (c != null) c.parent := pr;
        return c, root;
      }
    }

Verification goals for extract_max: memory safety, preservation of the tree shape, functional correctness, and preservation of the frame.

Trees in SL (figure): a tree cell x with fields l and r; labels: allocated (access), separating conjunction.

Motivation: extracting the max element in a BST. Precondition: a non-empty binary search tree. Postcondition: a binary search tree and a single node.


Existing approaches to reasoning about SL with trees

Unrolling inductive definitions [Nguyen et al. 07, Qiu et al. 13]
  Advantages: conceptually simple and efficient
  Limitation: incompleteness

Reduction to MSOL [Iosif et al. 13]
  Advantage: complete
  Limitations: high complexity, non-trivial extensions with data

Other approaches not targeting SL
  Limitation: global assumptions about the structure of the heap

Limitation of unfolding-based methods

    procedure contains(root: Node, val: Int) returns (res: Bool)
      requires tree(root);
      ensures tree(root);
    {
      var curr: Node := root;
      while (curr != null && curr.data != val)
        invariant ???;
      {
        if (curr.data < val) {
          curr := curr.right;  // val is larger: search the right subtree
        } else if (curr.data > val) {
          curr := curr.left;   // val is smaller: search the left subtree
        }
      }
      if (curr != null) return true; else return false;
    }

(Figure: the tree rooted at root, with curr pointing to a node inside it.) The invariant ??? must relate the subtree at curr to the whole tree at root, which cannot be obtained by unrolling tree(root).

Contributions

A decision procedure for a fragment of SL with trees and data:
  complete
  "low" complexity (NP-complete)
  SMT-based (allows for combination with other theories)
  implemented in the GRASShopper tool
Functional correctness of tree-based data structures.

Limitation of unfolding-based methods: the missing invariant

    procedure contains(root: Node, val: Int) returns (res: Bool)
      requires tree(root);
      ensures tree(root);
    {
      var curr: Node := root;
      while (curr != null && curr.data != val)
        invariant tree(curr) -** tree(root);
      {
        if (curr.data < val) {
          curr := curr.right;  // val is larger: search the right subtree
        } else if (curr.data > val) {
          curr := curr.left;   // val is smaller: search the left subtree
        }
      }
      if (curr != null) return true; else return false;
    }

(Figure: the tree rooted at root, with curr pointing to a node inside it.) The -** operator (the "Russian dolls" operator) lets the invariant state that the tree at curr is nested inside the tree at root.
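As an added example that is not code from the paper or from GRASShopper, the following Python models the slides' extract_max and contains procedures on a BST with parent pointers. Node, tree(), insert() and check_extract_max() are this example's own names: tree() is a runtime stand-in for the tree(root) predicate (shape plus footprint), and the loop invariant tree(curr) -** tree(root) is approximated as an inclusion check on footprints.

```python
# Added example; Node, tree(), insert() are this example's stand-ins, not SPL or GRASShopper code.
class Node:
    def __init__(self, data, pr=None):
        self.data, self.left, self.right, self.parent = data, None, None, pr

def tree(root, pr):
    # Runtime stand-in for tree(root): nodes reachable from root form a tree whose
    # parent pointers invert left/right (root.parent is pr); returns its footprint.
    fp = set()
    def walk(n, p):
        if n is not None:
            assert id(n) not in fp and n.parent is p, "not a tree"
            fp.add(id(n)); walk(n.left, n); walk(n.right, n)
    walk(root, pr)
    return fp

def inorder(n):
    return [] if n is None else inorder(n.left) + [n.data] + inorder(n.right)

def insert(n, v, pr=None):  # builds the constructed input, parent pointers included
    if n is None: return Node(v, pr)
    if v < n.data: n.left = insert(n.left, v, n)
    else: n.right = insert(n.right, v, n)
    return n

def extract_max(root, pr):  # the slides' procedure; returns (new_root, max)
    if root.right is not None:
        c, m = extract_max(root.right, root)
        root.right = c
        return root, m
    c = root.left
    root.parent = None
    if c is not None:
        c.parent = pr
    return c, root

def contains(root, val):  # the slides' loop, with the invariant checked each iteration
    curr = root
    while curr is not None and curr.data != val:
        # tree(curr) -** tree(root), approximated as footprint inclusion
        assert tree(curr, curr.parent) <= tree(root, None), "invariant violated"
        curr = curr.right if curr.data < val else curr.left
    return curr is not None

def check_extract_max(values):  # slides' goals: shape kept, max detached, frame intact
    root = None
    for v in values: root = insert(root, v)
    new_root, m = extract_max(root, None)
    assert id(m) not in tree(new_root, None) and m.parent is None
    assert m.data == max(values) and inorder(new_root) == sorted(values)[:-1]
    return m.data, inorder(new_root)
```

check_extract_max([5, 3, 8, 7, 9]) returns (9, [3, 5, 7, 8]); a broken parent pointer or a lost subtree would trip the tree() assertion instead.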

Reducing SL to First Order Logic

SL to First Order Logic [Piskac et al. 13]

(Figure: the translation maps an SL formula, structure and footprint to a FOL formula, structure and reachability sets; the precise SL fragment maps to a decidable FOL fragment. For entailment queries: negate only.)

We provide a target logic, called GRIT, for SL of trees.

Example of the Translation

Decision Procedure

Backward Reachability

(Figure: two trees t1 and t2 drawn with l and r edges and their (l,r)* reachability, and the same trees drawn with parent pointers p and p* reachability.)

Reasoning using backward reachability [Balaban et al. 07]. This allows us to use work on reachability logics [Rakamaric et al. 07, Lahiri & Qadeer 08]. Axiomatization of Tree in terms of reachability predicates, based on [Wies et al. 11].

Axioms: definition of the footprint (figure: root, x, null, p*)

Axioms: p is the inverse of l (figure: x, l, p*)

Axioms: l and r descendants (figure: x and y related by l, r and p*)

Underlying Principle: based on local theory extensions [Sofronie-Stokkermans, CADE'05]; reasoning is done on partial models (figure: p*, p, l, r).

Extensions with Data

Monadic predicates: apply the axioms to each term in the formula.

Binary predicates

The predicate needs to be transitive (generalizing reachability): sorted trees are OK, trees with height are not.
Reasoning on partial models.

Set projection (figure: null)

Experiments (GRASShopper)

Tested on tree data structures: binary search trees, skew heaps, union-find (inverted trees).
Show memory safety and functional correctness for basic operations.
Operations: from 8 to 77 LOC, spec from 3 to 7 lines.
Solving time: median = 3 s, average = 33 s, max = 361 s.
Detailed results in the paper.

Contributions

In this paper, we introduced:
  an NP decision procedure for a fragment of SL with trees and data
  an SMT-based decision procedure, which allows for combination with other theories
  an implementation in the GRASShopper tool

Related Work

SL inductive definitions of bounded tree-width [Iosif et al. 13]
MSOL [Thatcher & Wright 68, Klarlund & Møller 01]
Reachability and data: [Bouajjani et al. 09, Madhusudan et al. 11]
Tools for proving functional correctness of linked data structures: Bedrock [Chlipala 13], Dafny [Leino 13], Jahob [Zee et al. 08], HIP/SLEEK [Nguyen et al. 07], and VeriFast [Jacobs et al. 11].

Axioms: no non-trivial cycles (figure: x, y, p*)

Axioms: nothing between parent and child (figure: x, y, l, p*)

Axioms: children distinct (figure: x, l, r, null)

First Common Ancestor: needed to make sure we can build trees from partial models (figure: x, y, fca(p,x,y)).

GRASShopper: experimental results 1

Table columns: data structure, procedure, # LOC, # lines of spec, # lines of ghost code, # VCs, time in s (the numeric entries did not survive extraction).

Set as binary tree (functional correctness): Contains, Destroy, Extract_max, Insert, Remove, Rotate (l, r)
Set as sorted list (functional correctness): Contains, Delete, Difference, Insert, Union

GRASShopper: experimental results 2

Same columns as the previous table (the numeric entries did not survive extraction).

Union-find, tree view (functional correctness): Find, Union, Create
Union-find, list view (path compression): Find, Union, Create
Skew heap (shape, heap property): Insert, Union, Extract_max

And some more examples using loops …

Axiomatization of GRIT

First-Order Axioms for B(etween)

Graph Reachability and Inverted Trees (GRIT)

Motivation for SMT-based SL reasoning

Frontend / Specification: SL
  + succinct
  + intuitive
  - tailor-made solvers
  - difficult to extend
  + local reasoning (frame inference)

Backend / Solver: FOL
  + flexible
  - complex
  + standardized solvers (SMT-LIB)
  + extensible (e.g. Nelson-Oppen)

Strong theoretical guarantees: sound, complete, tractable complexity (NP).
Mixed specs: an escape hatch when SL is not suitable.