Cargando…

Witnessing the elimination of magic wands

This paper discusses static verification of programs that have been specified using separation logic with magic wands. Magic wands are used to specify incomplete resources in separation logic, i.e., if missing resources are provided, a magic wand allows one to exchange these for the completed resour...

Descripción completa

Detalles Bibliográficos
Autores principales: Blom, Stefan, Huisman, Marieke
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Springer Berlin Heidelberg 2015
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4841211/
https://www.ncbi.nlm.nih.gov/pubmed/27194940
http://dx.doi.org/10.1007/s10009-015-0372-3
_version_ 1782428363492687872
author Blom, Stefan
Huisman, Marieke
author_facet Blom, Stefan
Huisman, Marieke
author_sort Blom, Stefan
collection PubMed
description This paper discusses static verification of programs that have been specified using separation logic with magic wands. Magic wands are used to specify incomplete resources in separation logic, i.e., if missing resources are provided, a magic wand allows one to exchange these for the completed resources. One of the applications of the magic wand operator is to describe loop invariants for algorithms that traverse a data structure, such as the imperative version of the tree delete problem (Challenge 3 from the VerifyThis@FM2012 Program Verification Competition), which is the motivating example for our work. Most separation logic-based static verification tools do not provide support for magic wands, possibly because validity of formulas containing the magic wand is, by itself, undecidable. To avoid this problem, in our approach the program annotator has to provide a witness for the magic wand, thus circumventing undecidability due to the use of magic wands. A witness is an object that encodes both instructions for the permission exchange that is specified by the magic wand and the extra resources needed during that exchange. We show how this witness information is used to encode a specification with magic wands as a specification without magic wands. Concretely, this approach is used in the VerCors tool set: annotated Java programs are encoded as Chalice programs. Chalice then further translates the program to BoogiePL, where appropriate proof obligations are generated. Besides our encoding of magic wands, we also discuss the encoding of other aspects of annotated Java programs into Chalice, and in particular, the encoding of abstract predicates with permission parameters. We illustrate our approach on the tree delete algorithm, and on the verification of an iterator of a linked list.
format Online
Article
Text
id pubmed-4841211
institution National Center for Biotechnology Information
language English
publishDate 2015
publisher Springer Berlin Heidelberg
record_format MEDLINE/PubMed
spelling pubmed-48412112016-05-16 Witnessing the elimination of magic wands Blom, Stefan Huisman, Marieke Int J Softw Tools Technol Transf VerifyThis 2012 This paper discusses static verification of programs that have been specified using separation logic with magic wands. Magic wands are used to specify incomplete resources in separation logic, i.e., if missing resources are provided, a magic wand allows one to exchange these for the completed resources. One of the applications of the magic wand operator is to describe loop invariants for algorithms that traverse a data structure, such as the imperative version of the tree delete problem (Challenge 3 from the VerifyThis@FM2012 Program Verification Competition), which is the motivating example for our work. Most separation logic-based static verification tools do not provide support for magic wands, possibly because validity of formulas containing the magic wand is, by itself, undecidable. To avoid this problem, in our approach the program annotator has to provide a witness for the magic wand, thus circumventing undecidability due to the use of magic wands. A witness is an object that encodes both instructions for the permission exchange that is specified by the magic wand and the extra resources needed during that exchange. We show how this witness information is used to encode a specification with magic wands as a specification without magic wands. Concretely, this approach is used in the VerCors tool set: annotated Java programs are encoded as Chalice programs. Chalice then further translates the program to BoogiePL, where appropriate proof obligations are generated. Besides our encoding of magic wands, we also discuss the encoding of other aspects of annotated Java programs into Chalice, and in particular, the encoding of abstract predicates with permission parameters. We illustrate our approach on the tree delete algorithm, and on the verification of an iterator of a linked list. Springer Berlin Heidelberg 2015-03-31 2015 /pmc/articles/PMC4841211/ /pubmed/27194940 http://dx.doi.org/10.1007/s10009-015-0372-3 Text en © The Author(s) 2015 https://creativecommons.org/licenses/by/4.0/ Open AccessThis article is distributed under the terms of the Creative Commons Attribution License which permits any use, distribution, and reproduction in any medium, provided the original author(s) and the source are credited.
spellingShingle VerifyThis 2012
Blom, Stefan
Huisman, Marieke
Witnessing the elimination of magic wands
title Witnessing the elimination of magic wands
title_full Witnessing the elimination of magic wands
title_fullStr Witnessing the elimination of magic wands
title_full_unstemmed Witnessing the elimination of magic wands
title_short Witnessing the elimination of magic wands
title_sort witnessing the elimination of magic wands
topic VerifyThis 2012
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4841211/
https://www.ncbi.nlm.nih.gov/pubmed/27194940
http://dx.doi.org/10.1007/s10009-015-0372-3
work_keys_str_mv AT blomstefan witnessingtheeliminationofmagicwands
AT huismanmarieke witnessingtheeliminationofmagicwands