separation logic contracts for a java like language with
play

Separation Logic Contracts for a Java-like Language with Fork/Join - PowerPoint PPT Presentation

Sep 18, 2023 •122 likes •417 views

Separation Logic Contracts for a Java-like Language with Fork/Join Christian Haack Cl ement Hurlin Radboud University of Nijmegen INRIA Sophia Antipolis AMAST 2008 in Urbana-Champaign (Illinois) on July 28-31 http://mobius.inria.fr What

  1. Separation Logic Contracts for a Java-like Language with Fork/Join Christian Haack Cl´ ement Hurlin Radboud University of Nijmegen INRIA Sophia Antipolis AMAST 2008 in Urbana-Champaign (Illinois) on July 28-31 http://mobius.inria.fr

  2. What is this Talk About? Goals. specifying flexible heap access policies for Java programs verifying adherence to such policies Why? needed for modular program verification framing controling thread interference to prevent data races to prevent errors due to unwanted state modifications Our technique of choice. separation logic Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 2

  3. Example: Iterators interface Iterator { interface Collection { boolean hasNext(); void add(Object e); Object next(); Iterator iterator(); void remove(); } } Prevent: concurrent modifications of collection concurrent mutations of collection elements To this end: statically enforce disciplined iterator usage Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 3

  4. Outline Background on Separation Logic 1 Class Axioms 2 Abstract Predicates and Subclassing 3 Fork/Join 4 Conclusion 5 Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 4

  5. Background on Separation Logic: Connectives The points-to predicate. x . f �→ v 1 assertion that x . f contains v 2 access ticket for x . f Resource conjunction: F * G two access tickets not idempotent: F does not imply F * F we allow weakening: F * F implies F (because Java is garbage-collected) Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 5

  6. Background on Separation Logic: Connectives Resource implication: F -* G ticket to trade ticket F for ticket G linear modus ponens: F * ( F -* G ) -* G useful for representing the right to make a state transition: If F and G represent abstract program states, then F -* G represents the right to move from F to G . Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 6

  7. Background on Separation Logic: Hoare Rules Writing. { x . f �→ * F } x . f = v { x . f �→ v * F } Reading. { x . f �→ v * F } y = x . f { x . f �→ v * y == v * F } Concurrent threads. { F ′ } c ′ { G ′ } { F } c { G } { F * F ′ } c � c ′ { G * G ′ } Caveat: this rule disallows concurrent reads. Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 7

  8. Fractional Permissions for Concurrent Reads Superscripting points-to with fractions. π x . f �→ v π ∈ Q ∩ (0 , 1] The split/merge law. π π π 2 2 x . f �→ v *-* ( x . f �→ v * x . f �→ v ) Permission 1 grants write access: 1 1 { x . f �→ * F } x . f = v { x . f �→ v * F } Any permission grants read access: π π { x . f �→ v * F } y = x . f { x . f �→ v * y == v * F } This allows concurrent reads, while preventing data races. Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 8

  9. Method Contracts Preconditions say what access tickets callers must hand to methods. Postconditions say what access tickets methods hand back to callers. class C extends Thread { int f,g; 1 1 //@ requires this . f �→ * this . g �→ ; 1 1 //@ ensures this . f �→ * this . g �→ ; void run() { this.f = 1; this.g = 2; } 1 1 //@ requires this . f �→ * this . g �→ ; //@ ensures true; void m() { new C().start(); } } Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 9

  10. Abstract Predicates Classes can define predicates. class C extends Thread { int f,g; 1 1 //@ pred state = this . f �→ * this . g �→ ; //@ requires this.state; ensures this.state; void run() { this.f = 1; this.g = 2; } //@ requires this.state; ensures true; void m() { new C().start(); } } Object clients treat predicates abstractly. this knows the definitions of its own predicates. Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 10

  11. Outline Background on Separation Logic 1 Class Axioms 2 Abstract Predicates and Subclassing 3 Fork/Join 4 Conclusion 5 Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 11

  12. Class Axioms class C { interface I { · · · · · · //@ axiom F ; //@ axiom F ; · · · · · · } } Class axioms export facts about abstract predicates. Predicates definitions must make class axioms true. Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 12

  13. Example: Split/Mergeable Predicates (Datagroups) class Point { int x,y; p p //@ pred state<perm p> = this . x �→ * this . y �→ ; //@ axiom state<p> *-* ( state<p/2> * state<p/2> ); //@ requires this.state<1>; ensures this.state<1>; void set(int x, int y) { this.x = x; this.y = y; } //@ requires this.state<p>; ensures this.state<p>; double distToOrigin() { return Math.sqrt(x*x + y*y); } } group P < ¯ ∆ pred P < ¯ T ¯ x > ; = T ¯ x > ; axiom P < ¯ x > *-* ( P < ¯ e > * P < ¯ e >) ; � x i / 2 if T i = perm ∆ where e i = otherwise x i Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 13

  14. Example: Nested Datagroups interface Sprite { //@ group state<perm p>; //@ group position<perm p>; //@ group color<perm p>; //@ axiom position<p> ispartof state<p>; //@ axiom color<p> ispartof state<p>; //@ requires position<1>; ensures position<1>; void updatePosition(); //@ requires color<1>; ensures color<1>; void updateColor(); //@ requires state<1>; ensures state<1>; void update(); //@ requires state<p>; ensures state<p>; void display(); } ∆ F ispartof G = G -* ( F * ( F -* G )) Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 14

  15. Example: Recursive and Overlapping Datagroups interface StudentList { //@ group state<perm p>; //@ group ids and links<perm p, perm q>; //@ group grades and links<perm p, perm q>; //@ axiom //@ state<p> //@ *-* (ids and links<p,p/2> * grades and links<p,p/2>); //@ requires grades and links<1,p> * ids and links<q,r>; //@ ensures grades and links<1,p> * ids and links<q,r>; void updateGrade(int id, int grade); } The datagroups ids and links and grades and links overlap on the link fields. Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 15

  16. Example: A Usage Protocol for Iterators retrieve access right for collection c it.hasNext() readyFor it=c.iterator() it.hasNext()=true ready Next turn in access right for collection c result=it.next() it.remove() get access right turn in access for result right for result readyFor Remove Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 16

  17. Example: Iterator Usage Protocol (Collection) interface Collection { //@ requires this.state<1> * e.state<1>; //@ ensures this.state<1>; void add(Object e); //@ requires this.state<p>; //@ ensures result.ready; Iterator/*@<p,this>@*/ iterator(); } Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 17

  18. Example: Iterator Usage Protocol (Iterator) interface Iterator/*@<perm p, Collection iteratee>@*/ { //@ pred ready; //@ pred readyForNext; //@ pred readyForRemove<Object element>; //@ axiom ready -* iteratee.state<p>; //@ axiom readyForRemove<e> * e.state<p> -* ready; //@ requires ready; //@ ensures ready & (result -* readyForNext); boolean hasNext(); //@ requires readyForNext; //@ ensures readyForRemove<result> * result.state<p>; Object next(); //@ requires readyForRemove< > * p==1; //@ ensures ready; void remove(); } Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 18

  19. Outline Background on Separation Logic 1 Class Axioms 2 Abstract Predicates and Subclassing 3 Fork/Join 4 Conclusion 5 Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 19

  20. Extending Predicates Classes can extend abstract predicates. Predicate extensions in subclasses get * -conjoined with predicate extensions in superclasses. class C { int f; p //@ pred state<perm p> = this . f �→ ; } class D extends C { int g; p //@ pred state<perm p> = this . g �→ ; p p // total state: this . f * this . g �→ �→ } Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 20

  21. Axiomatizing the Stack of Class Frames e . P@C<¯ e> e . P<¯ e> holds “down to” class C e . P<¯ equivalent to e . P@D<¯ e> where D is e ’s dynamic class e> Axioms for opening/closing predicates class frame by class frame: e . P@C<¯ e> ispartof e . P<¯ e> recall that this desugars to e . P<¯ e> -* (e . P@C<¯ e> * (e . P@C<¯ e> -* e . P<¯ e>)) this . P@C<¯ e> *-* ( F * this . P@D<¯ e>) if F is P @ C < ¯ e > ’s definition in C , and C � 1 D Axiom for promoting qualified to unqualified predicates: (e . P@C<¯ e> * C isclassof e ) -* e . P<¯ e> this axiom is typically applied right after object constructors terminate We also allow arity extensions in subclasses (not shown). Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 21

  22. Outline Background on Separation Logic 1 Class Axioms 2 Abstract Predicates and Subclassing 3 Fork/Join 4 Conclusion 5 Christian Haack, Cl´ ement Hurlin Separation Logic Contracts 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Separation Logic Contracts for a Java-like Language with Fork/Join Christian Haack 1 and Cl

Separation Logic Contracts for a Java-like Language with Fork/Join Christian Haack 1 and Cl

Separation Logic Contracts for a Java-like Language with Fork/Join Christian Haack 1 and Cl ement Hurlin 2 1 Radboud Universiteit Nijmegen, The Netherlands 2 INRIA Sophia Antipolis - M editerran ee, France Abstract. We adapt a

280 views • 15 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.07k views • 44 slides
Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio

Extending propositional separation logic for robustness properties of separation logic Alessio Mansutti LSV, CNRS, ENS Paris-Saclay Paris - April 2019 What we will see An extension of propositional separation logic that can express some

569 views • 42 slides
A Controlled Language for the Specification of Contracts Gordon Pace Michael Rosner University

A Controlled Language for the Specification of Contracts Gordon Pace Michael Rosner University

A Controlled Language for the Specification of Contracts Gordon Pace Michael Rosner University of Malta G. Pace and M. Rosner (UoM) Controlled Natural Language Contracts CNL June 2009 1 / 33 Outline Motivation Contracts Language Logic

518 views • 48 slides
Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of

Hoare logic Lecture 5: Introduction to separation logic Jean Pichon-Pharabod University of Cambridge CST Part II 2017/18 Introduction In the previous lectures, we have considered a language, WHILE , where mutability only concerned program

734 views • 57 slides
Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Tutorial on separation logic Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Dagstuhl, 2015-11-02 Plan for the talk Talk outline Motivation Basic separation logic Concurrent separation logic Frame inference

597 views • 21 slides
Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms

Temporary Read-Only Permissions for Separation Logic Making Separation Logics Small Axioms Smaller Arthur Charguraud Franois Pottier LTP meeting Saclay, November 28, 2016 Motivation More Motivation Separation Logic with Read-Only

441 views • 27 slides
Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008

Separation Logic, Abstraction and Inheritance M. Parkinson, G. Bierman, in Proc. POPL , 2008 Timothe Martiel Research Topics in Software Engineering 1 / 19 Outline 1 From Separation Logic to Inheritance 2 Beyond Separation Logic 3 What About

553 views • 24 slides
Learning the Java Language Based on The Java Tutorial

Learning the Java Language Based on The Java Tutorial

Learning the Java Language Based on The Java Tutorial (http://docs.oracle.com/javase/tutorial/java/) Bryn Mawr College CS206 Intro to Data Structures Language Basics Variables Operators Expressions, Statements and Blocks

415 views • 20 slides
An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and

An introduction to separation logic James Brotherston Programming Principles, Logic and Verification Group Dept. of Computer Science University College London, UK J.Brotherston@ucl.ac.uk Logic Summer School, ANU, 7 December 2015 1/ 19

789 views • 63 slides
Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St

Internal calculi for Separation Logic ephane Demri 1 Etienne Lozes 2 Alessio Mansutti 1 St January 14, 2020 1 LSV, CNRS, ENS Paris-Saclay 2 I3S, Universit e C ote dAzur Separation Logic 99 Logic of Bunched Implication ( BI ) [P.

310 views • 27 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max

Undecidability of propositional separation logic and its neighbours James Brotherston 1 and Max Kanovich 2 1 Imperial College London 2 Queen Mary University of London LICS-25, University of Edinburgh, 12 July 2010 Separation logic (Reynolds,

1.11k views • 31 slides
Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

1.14k views • 91 slides
Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri

Separation logic and fragments: from expressive power to decision procedures St ephane Demri CNRS Marie Curie Fellow Yorktown Heights, March 2015 In Memoriam: Morgan Deters 2 Overview Separation Logic in a Nutshell 1 2 Expressive

915 views • 55 slides
Design and Analysis of Algorithms

Design and Analysis of Algorithms

Design and Analysis of Algorithms

1.15k views • 17 slides
CSE326:DataStructures Lecture#3 MindyourPriorityQs BartNiswonger

CSE326:DataStructures Lecture#3 MindyourPriorityQs BartNiswonger

CSE326:DataStructures Lecture#3 MindyourPriorityQs BartNiswonger SummerQuarter2001 TodaysOutline TheFirstQuiz! ThingsBartDidntGettoonWednesday

356 views • 14 slides
Computer Applications Lab Computer Applications Lab Lab 7 Lab 7 Designing GUI with Matlab

Computer Applications Lab Computer Applications Lab Lab 7 Lab 7 Designing GUI with Matlab

Computer Applications Lab Computer Applications Lab Lab 7 Lab 7 Designing GUI with Matlab Designing GUI with Matlab Dr. Iyad Jafar Adapted from Mathworks Outline Outline What is Graphical User Interface (GUI) ? GUI in Matlab

553 views • 36 slides
Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham

Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham

Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham @bboreham https://weave.works @weaveworks 1 Canary Deployment Stages https://github.com/weaveworks/flagger Thank You! Weaveworks

301 views • 5 slides
Mesh-Free Applications for Static and Dynamically Changing Node Configurations Natasha Flyer

Mesh-Free Applications for Static and Dynamically Changing Node Configurations Natasha Flyer

Mesh-Free Applications for Static and Dynamically Changing Node Configurations Natasha Flyer Computational Information Systems Lab National Center for Atmospheric Research Boulder, CO Meshes vs. Mesh-free discretizations Structured meshes:

461 views • 22 slides
Parallel I/O and Parallel Refinement Chris Richardson Garth Wells DCSE project NAG

Parallel I/O and Parallel Refinement Chris Richardson Garth Wells DCSE project NAG

Parallel I/O and Parallel Refinement Chris Richardson Garth Wells DCSE project NAG lp:~cam-fenics/dolfin/phdf5 lp:~cam-fenics/dolfin/parallel-refine File access in parallel Motivation: using HPC systems needs I/O that is scalable.

247 views • 22 slides
Sidecars and Service Meshes Next level scaling for microservices User Interface(s): HTML, CSS,

Sidecars and Service Meshes Next level scaling for microservices User Interface(s): HTML, CSS,

Sidecars and Service Meshes Next level scaling for microservices User Interface(s): HTML, CSS, etc HTTPS API Gateway: REST, gRPC, etc Message Session User Management Handling Management Post-Processing Data Retrieval Model Execution

513 views • 27 slides
5194.01: Introduction to High-Performance Deep Learning Mesh-TensorFlow &amp; SparkNet Shen Wang

5194.01: Introduction to High-Performance Deep Learning Mesh-TensorFlow &amp; SparkNet Shen Wang

. . . . . . . . . . . . . . 5194.01: Introduction to High-Performance Deep Learning Mesh-TensorFlow &amp; SparkNet Shen Wang The Ohio State University 10/21/2020 Shen Wang (The Ohio State University) 5194.01: Introduction to

716 views • 33 slides

More recommend