# Automated Verification with HIP and SLEEK Asankhaya Sharma.

## Presentation on theme: "Automated Verification with HIP and SLEEK Asankhaya Sharma."— Presentation transcript:

Automated Verification with HIP and SLEEK Asankhaya Sharma

Recall the List length Example int length(struct node* p) /*@ requires p::list ensures p::list & res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); } Memory Safety Length of the List Bag of Values

With Immutability int length(struct node* p) /*@ requires p::list<>@I ensures res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); } With Immutability Annotation More concise and precise specification

Recall the List Append Example void append(node* x, node* y) requires x::list & x != null & x = y ensures requires x::list & x != null ensures { if(x->next==NULL) x->next=y; else append(x->next,y); } x::clist x::lseg

With Immutability void append(node* x, node* y) requires x::lseg @I * p::node ensures p::node { if(x->next==NULL) x->next=y; else append(x->next,y); } Immutable List Segment Cut point preservation

Aliasing Example int foo(cell x, cell y) requires x::cell * y::cell ensures x::cell * y::cell & res = a+b requires x::cell & x = y ensures x::cell & res = 2*a; { return x.val + y.val; }

Heap Sharing with Immutability int foo(cell x, cell y) requires x::cell @I & y::cell @I ensures res = a+b { return x.val + y.val; } Allows Aliasing

Immutable Specifications Many programs do not change their input Use immutable specifications, where possible – More information (about the code) – More concise (for multiple pre/post) – More accurate (as cut points are preserved) – More efficient (as less folding is needed) – More control (don’t modify data)

Verification of Concurrent Programs Fork/join concurrency + (mutex) locks + barriers Properties – Functional correctness – Data-race freedom – Deadlock freedom Permission-based heaps, e.g. x::cell(0.5) * y::cell(0.5)

Example : thread as resource data cell { int val;} void thread1 (cell x) requires x::cell * y::cell ensures x::cell * y::cell ; { x.val = x.val + 1; y.val = y.val + 2;} void thread2 (thrd t1, cell y) requires t1::thrd > ensures y::cell ; { join(t1); y.val = y.val + 2;} void main() requires true ensure true; { cell x = new cell(0); cell y = new cell(0); thrd t1 = fork(thread1,x,y); //{t1::thrd * y::cell >} //{t1::thrd > * t1::thread >} thrd t2 = fork(thread2,t1,y); //{t1::thrd > join(t1); x.val = x.val + 1; join(t2); assert( x::cell * y::cell ); }

Example main thrd t1 = fork(thread1,x,y); thread1 thrd t2 = fork(thread2,t1,y); thread2 join(t1); join(t2); x,y t1 t1,t2 t1 x y t2,x y x,y multi-join

Further Reading David, Cristina, and Wei-Ngan Chin. "Immutable specifications for more concise and precise verification." In ACM SIGPLAN Notices, vol. 46, no. 10, pp. 359-374. ACM, 2011.

Download ppt "Automated Verification with HIP and SLEEK Asankhaya Sharma."

Similar presentations