Download presentation

Presentation is loading. Please wait.

Published byLeah McGarry Modified over 4 years ago

2
A Framework for describing recursive data structures Kenneth Roe Scott Smith

3
Shape analysis and Recursive data structures The objective is to verify the integrity of dynamic data structures such as lists and trees Based on principles of separation logic Builds on work from Byron Cook and company The key contribution is reasoning about data structures more complex than linked lists –Regular expressions are used to describe paths through data structures Creating a COQ formalism

4
Sample progam Data Structures struct list { struct list *n; struct tree *t; }; struct tree { struct tree *l, *r; int value;};

5
Sample program code Struct list *p; void build pre order(struct tree *r) { struct list *i = NULL, *n, *x; struct tree *t = r; p = NULL; while (t) { n=p; p = malloc(sizeof(struct list)); p->l = t; p->n = n; if (t->l==NULL && t->r==NULL) { if (i==NULL) { t = NULL;} else { struct list *tmp = i->n; t = i->l; free(l); i = tmp;} } else if (t->r==NULL) {t = t->l; } else if (t->l==NULL) {t = t->r; } else {n = i; i = malloc(sizeof(struct list)); i->n = n; x = t->r; i->t = x; t = t->l; } } }

6
Invariants The program maintains two well formed linked lists, the heads of which are pointed to by i and p. p nt nt … i nt nt … r l4r l2r l1r l6r l3rl5r

7
Invariants The program maintains a well formed tree pointed to by r. p nt nt … i nt nt … r l4r l2r l1r l6r l3rl5r

8
Invariants t always points to an element in the tree rooted at r. p nt nt … i nt nt … r l4r l2r l1r l6r l3rl5r

9
Invariants The two lists and the tree do not share any nodes. p nt nt … i nt nt … r l4r l2r l1r l6r l3rl5r

10
Invariants Other than the memory used for the two lists and the tree, no other heap memory is allocated. p nt nt … i nt nt … r l4r l2r l1r l6r l3rl5r

11
Invariants The t field of every element in both list structures points to an element in the tree. p nt nt … i nt nt nil r l4r l2r l1r l6r l3rl5r t

12
State representation r (l |r)* t ( v. z.p n *v v t z r (l |r)* z) ( v. z.i n *v v t z r (l |r)* z) nt nt … R n (i, ) nt nt nil R (l |r) (r, ) l4r l2r l1r l6r l3rl5r R n (p, ) ** t

13
Backward reasoning Logic rules for back propagation Generated preconditions imply post condition Not guaranteed to get weakest pre-condition The system also contains rules for merging states –Becomes necessary when joining the branches of an if statement

14
Back-chaining example Last line of source code: n = i; i = malloc(sizeof(struct list)); i->n = n; x = t->r; i->t = x; t = t->l;

15
Back-chaining example r (l |r)* t ( v. z.p n *v v t z r (l |r)* z) ( v. z. i n *v v t z r (l |r)* z) R n (p, ) * R (l |r) (r, ) * R n (i, ) p nt nt … i nt nt nil r l4r l2r l1r l6r l3rl5r t

16
Back-chaining example t l q r (l |r)* q ( v. z.p n * v v l z r (l |r)* z) ( v. z. i n *v v l z r (l|r)* z) R n (p, ) * R (l |r) (r, ) * R n (i, ) p nt nt … i nt nt nil r l4r l2r l1r l6r l3rl5r t t = t->l

17
Back-chaining example t l q r (l |r)* t ( v. z.p n *v v l z r (l |r)* z) ( v. z.i n *v v l z r (l |r)* z) R n (p, ) * R (l|r) (r, ) * R n (i, ) p nt nt … i nt nt nil r l4r l2r l1r l6r l3rl5r t t = t->l

18
Back-chaining example We have back propagated over the last statement. We have several more statements to go n = i; i = malloc(sizeof(struct list)); i->n = n; x = t->r; i->t = x; t = t->l;

19
Back-chaining example After back-propagating over the remaining statements, we end up with the following which is almost our original invariant: t l q t r e r (l |r)* t ( v. z. p n *v v l z r (l |r)* z) ( v. z. i n *v v l z r (l |r)* z) | R n (p, ) * R (l |r) (r, ) * R n (i, )

20
Future work COQ verification (in progress) Arrays Length predicate Handling procedures More information: www.cs.jhu.edu/~roe

Similar presentations

OK

CS 261 – Data Structures AVL Trees. Binary Search Tree: Balance Complexity of BST operations: proportional to the length of the path from the root to.

CS 261 – Data Structures AVL Trees. Binary Search Tree: Balance Complexity of BST operations: proportional to the length of the path from the root to.

© 2018 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google