
The Binomial Heap Verification Challenge in Viper

Abstract

Binomial heaps have interesting invariants that constrain both the shape of the data structure and the values stored in it. A challenge of the VSComp 2014 verification competition was to find a fault in a given Java implementation of binomial heaps that leads to a violation of the invariants, to fix the error, and to verify the corrected version. In this paper, we present the first solution to this challenge. Using an encoding of the verification problem into Viper, we identified and fixed the known fault and a previously-unknown fault in the Java code and then successfully verified the implementation. Our case study illustrates the degree of automation that modern program verifiers achieve for complex invariants; it also demonstrates how modular verification techniques can be used to iteratively strengthen the verified properties, allowing the developer to focus on one concern at a time.
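The abstract refers to two kinds of invariant, one on the shape of the trees and one on the stored values, without stating them. The following is an added example, written for this page and not the chapter's Java implementation or its Viper encoding: a small binomial heap in Python whose invariants are spelled out as an executable check that is run after every operation. The three conditions it checks (root degrees strictly increasing; a degree-k node has exactly k children of degrees 0 to k-1, each a binomial tree; every child key is at least its parent's key) are the standard binomial-heap invariants, and Viper would establish them statically rather than at runtime. The corrupted heap in the last function is a constructed violation used to show the checker firing; it is not the fault found in the chapter.

```python
# Added example, not the chapter's Java implementation or its Viper encoding:
# a minimal binomial heap whose shape and value invariants are executable and
# checked after every operation (Viper proves such invariants statically).
from __future__ import annotations
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass(eq=False)          # identity equality: nodes are mutable and recursive
class Node:
    key: int
    degree: int = 0
    # Invariant: children[i] is the root of a binomial tree of degree i, so the
    # list is in strictly increasing degree order and has `degree` entries.
    children: List["Node"] = field(default_factory=list)

def _link(a: Node, b: Node) -> Node:
    """Link two binomial trees of equal degree k into one of degree k + 1.
    The root with the larger key becomes the new, highest-degree child."""
    assert a.degree == b.degree
    if b.key < a.key:
        a, b = b, a
    a.children.append(b)
    a.degree += 1
    return a

def _union(xs: List[Node], ys: List[Node]) -> List[Node]:
    """Merge two root lists (each strictly increasing in degree) like binary
    addition: equal degrees are linked and carried to the next degree."""
    out: List[Node] = []
    carry: Optional[Node] = None
    i = j = d = 0
    while carry is not None or i < len(xs) or j < len(ys):
        trees = [carry] if carry is not None else []
        carry = None
        if i < len(xs) and xs[i].degree == d:
            trees.append(xs[i])
            i += 1
        if j < len(ys) and ys[j].degree == d:
            trees.append(ys[j])
            j += 1
        if len(trees) == 3:           # carry + one from each list: keep one, link two
            out.append(trees[0])
        if len(trees) >= 2:
            carry = _link(trees[-2], trees[-1])
        elif len(trees) == 1:
            out.append(trees[0])
        d += 1
    return out

def _check_tree(n: Node) -> bool:
    """Shape: a degree-k node has exactly k children with degrees 0..k-1, each a
    binomial tree itself. Values: every child key is >= its parent (min-heap)."""
    if n.degree != len(n.children):
        return False
    return all(c.degree == i and c.key >= n.key and _check_tree(c)
               for i, c in enumerate(n.children))

class BinomialHeap:
    def __init__(self) -> None:
        self.roots: List[Node] = []   # invariant: strictly increasing degrees

    def insert(self, key: int) -> None:
        self.roots = _union(self.roots, [Node(key)])

    def extract_min(self) -> int:
        m = min(self.roots, key=lambda r: r.key)   # ValueError on an empty heap
        self.roots.remove(m)
        # m's children already satisfy the root-list invariant (degrees 0..k-1)
        self.roots = _union(self.roots, m.children)
        return m.key

    def check_invariants(self) -> bool:
        degrees = [r.degree for r in self.roots]
        if degrees != sorted(set(degrees)):     # strictly increasing, no repeats
            return False
        return all(_check_tree(r) for r in self.roots)

def heap_sort_with_checks(keys: List[int]) -> List[int]:
    """Insert all keys and drain the heap, checking invariants after each step."""
    h = BinomialHeap()
    for k in keys:
        h.insert(k)
        assert h.check_invariants(), f"invariant broken after insert({k})"
    out: List[int] = []
    while h.roots:
        out.append(h.extract_min())
        assert h.check_invariants(), "invariant broken after extract_min()"
    return out

def corrupted_heap_detected() -> bool:
    """Constructed violation (not the fault from the chapter): overwrite a root
    key so a child becomes smaller than its parent; the checker must report it."""
    h = BinomialHeap()
    for k in [5, 3, 8, 1]:
        h.insert(k)                   # four keys form a single B_2 rooted at 1
    h.roots[0].key = 100
    return not h.check_invariants()
```

The union is written as binary addition over degrees, which is what makes the root-list invariant easy to see: a heap of n elements has one tree per set bit of n, so after thirteen insertions the root degrees are 0, 2 and 3. Running `check_invariants` after every operation is the runtime analogue of the loop invariants and postconditions a verifier would discharge once; it is useful as a test oracle when porting or fixing an implementation such as the one in the challenge.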

Acknowledgements

We thank Marcelo Frias for proposing the Binomial Heaps verification challenge and for clarifying the results of previous verification attempts. We are grateful to Malte Schwerhoff for his help with the verification effort and to Alex Summers for the performance measurements.

Author information

Correspondence to Peter Müller.

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Müller, P. (2018). The Binomial Heap Verification Challenge in Viper. In: Müller, P., Schaefer, I. (eds) Principled Software Development. Springer, Cham. https://doi.org/10.1007/978-3-319-98047-8_13

  • DOI: https://doi.org/10.1007/978-3-319-98047-8_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98046-1

  • Online ISBN: 978-3-319-98047-8
