Verifying the Correctness and Amortized Complexity of a Union-Find Implementation in Separation Logic with Time Credits

Charguéraud, Arthur; Pottier, François

doi:10.1007/s10817-017-9431-7

Cited by 43 publications

(58 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For proofs of general graph algorithms, the situation is even more dire. Despite substantial improvements in the verification methodology for such algorithms [36,39], significant parts of the proof argument still typically need to be carried out using nonlocal reasoning [8,9,14,26]. This paper presents a general technique for local reasoning arXiv:1911.08632v1 [cs.LO] 19 Nov 2019 about global graph properties that can be used within off-the-shelf separation logics.…”

Section: Introductionmentioning

confidence: 99%

Local Reasoning for Global Graph Properties

Krishna

Summers

Wies

2020

Programming Languages and Systems

View full text Add to dashboard Cite

Separation logics are widely used for verifying programs that manipulate complex heap-based data structures. These logics build on so-called separation algebras, which allow expressing properties of heap regions such that modifications to a region do not invalidate properties stated about the remainder of the heap. This concept is key to enabling modular reasoning and also extends to concurrency. While heaps are naturally related to mathematical graphs, many ubiquitous graph properties are non-local in character, such as reachability between nodes, path lengths, acyclicity and other structural invariants, as well as data invariants which combine with these notions. Reasoning modularly about such graph properties remains notoriously difficult, since a local modification can have side-effects on a global property that cannot be easily confined to a small region. In this paper, we address the question: What separation algebra can be used to avoid proof arguments reverting back to tedious global reasoning in such cases? To this end, we consider a general class of global graph properties expressed as fixpoints of algebraic equations over graphs. We present mathematical foundations for reasoning about this class of properties, imposing minimal requirements on the underlying theory that allow us to define a suitable separation algebra. Building on this theory we develop a general proof technique for modular reasoning about global graph properties over program heaps, in a way which can be integrated with existing separation logics. To demonstrate our approach, we present local proofs for two challenging examples: a priority inheritance protocol and the non-blocking concurrent Harris list. S. Krishna et al. 1 method acquire(p: Node, r: Node) { 2 if (r.next == null) { 3 r.next := p; update(p, -1, r.curr_prio) 4 } else { 5 p.next := r; update(r, -1, p.curr_prio) 6 } 7 } 8 method update(n: Node, from: Int, to: Int) { 9 n.prios := n.prios \ {from} 10 if (to >= 0) n.prios := n.prios ∪ {to} 11 from := n.curr_prio 12 n.curr_prio := max(n.prios ∪ {n.def_prio}) 13 to := n.curr_prio; 14 if (from != to && n.next != null) { 15 update(n.next, from, to) 16 } 17 }

show abstract

Section: Introductionmentioning

confidence: 99%

Local Reasoning for Global Graph Properties

Krishna

Summers

Wies

2020

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…Atkey [1] proposed to use separation logic with time credits to reason about the amortised running time of programs; he formalized his logic and its soundness in Coq. Similar ideas were used by Hoffmann et al [10] to prove lock-freedom of concurrent programs, and by Charguéraud and Pottier [7] to verify the amortised running time of the Union-Find data structure in Coq. Guéneau et al [8] recently extended their framework to also obtain O results for the running time of programs.…”

Section: Related Workmentioning

confidence: 88%

“…The need for such a study becomes apparent when browsing the related literature (e.g. [1,6,7]): (formalized) soundness results are of course provided, but completeness of logics and VCGs is missing.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Hoare Logics for Time Bounds

Haslbeck

Nipkow

2018

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

We study three different Hoare logics for reasoning about time bounds of imperative programs and formalize them in Isabelle/HOL: a classical Hoare like logic due to Nielson, a logic with potentials due to Carbonneaux et al. and a separation logic following work by Atkey, Chaguérand and Pottier. These logics are formally shown to be sound and complete. Verification condition generators are developed and are shown sound and complete too. We also consider variants of the systems where we abstract from multiplicative constants in the running time bounds, thus supporting a big-O style of reasoning. Finally we compare the expressive power of the three systems.

show abstract

“…As a starting point, we take Iris [11][12][13][14], a powerful evolution of Concurrent Separation Logic [3]. We extend Iris with two elementary time-related concepts, namely time credits [1,4,9] and time receipts.…”

Section: Introductionmentioning

confidence: 99%

Time Credits and Time Receipts in Iris

Mével

Jourdan

Pottier

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We present a machine-checked extension of the program logic Iris with time credits and time receipts, two dual means of reasoning about time. Whereas time credits are used to establish an upper bound on a program's execution time, time receipts can be used to establish a lower bound. More strikingly, time receipts can be used to prove that certain undesirable events-such as integer overflows-cannot occur until a very long time has elapsed. We present several machine-checked applications of time credits and time receipts, including an application where both concepts are exploited."Alice: How long is forever? White Rabbit: Sometimes, just one second."-Lewis Carroll, Alice in Wonderland

show abstract

Verifying the Correctness and Amortized Complexity of a Union-Find Implementation in Separation Logic with Time Credits

Cited by 43 publications

References 60 publications

Local Reasoning for Global Graph Properties

Local Reasoning for Global Graph Properties

Hoare Logics for Time Bounds

Time Credits and Time Receipts in Iris

Contact Info

Product

Resources

About