Skip to main content
SpringerLink
Log in

Refinement to Imperative HOL

  • Published:
Journal of Automated Reasoning Aims and scope Submit manuscript

Abstract

Many algorithms can be implemented most efficiently with imperative data structures. This paper presents Sepref, a stepwise refinement based tool chain for the verification of imperative algorithms in Isabelle/HOL. As a back end we use imperative HOL, which allows to generate verified imperative code. On top of imperative HOL, we develop a separation logic framework with powerful proof tactics. We use this framework to verify basic imperative data structures and to define a refinement calculus between imperative and functional programs. We provide a tool to automatically synthesize a concrete imperative program and a refinement proof from an abstract functional program, selecting implementations of abstract data types according to a user-provided configuration. As a front end to describe the abstract programs, we use the Isabelle Refinement Framework, for which many algorithms have already been formalized. Our tool chain is complemented by a large selection of verified imperative data structures. We have used Sepref for several verification projects, resulting in efficient verified implementations that are competitive with unverified ones in Java or C\(++\).

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. For technical reasons, we formalize a partial heap as a full heap with an address range. Assertions must not depend on heap content outside this address range.

  2. Again, for technical reasons, we additionally check that the program does not modify addresses outside the heap’s address range, and that it does not deallocate memory.

  3. The Isabelle/HOL function package [15] allows for convenient definition of such functions.

  4. The control structures must be the same, and the abstract operations must match the corresponding concrete operations.

  5. We applied \(\alpha \)-conversion to give the newly created variables convenient names.

  6. Again, we applied \(\alpha \)-conversion, to make the generated variable names more readable.

  7. A workaround for this particular example is to simultaneously return the head and tail of the list. However, for more complex operations, e. g. returning the first element that satisfies a predicate P, this technique gets unwieldy.

  8. Paper under review at the time of writing, the formalization is available at https://www21.in.tum.de/~lammich/max_flow/.

  9. Paper under review at the time of writing, the tool and further information is available at https://www21.in.tum.de/~lammich/grat/.

References

  1. Alur, R., Dill, D.L.: A theory of timed automata. Theoret. Comput. Sci. 126, 183–235 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  2. Back, R.J., von Wright, J.: Refinement Calculus—A Systematic Introduction. Springer, Berlin (1998)

    Book  MATH  Google Scholar 

  3. Bornat, R., Calcagno, C., O’Hearn, P., Parkinson, M.: Permission accounting in separation logic. In: POPL, pp. 259–270. ACM (2005)

  4. Bulwahn, L., Krauss, A., Haftmann, F., Erkök, L., Matthews, J.: Imperative functional programming with Isabelle/HOL. In: TPHOL, LNCS, vol. 5170, pp. 134–149. Springer (2008)

  5. Calcagno, C., O’Hearn, P., Yang, H.: Local action and abstract separation logic. In: LICS 2007, pp. 366–378 (2007)

  6. Charguéraud, A.: Characteristic formulae for the verification of imperative programs. In: ICFP, pp. 418–430. ACM (2011)

  7. Charguéraud, A.: Higher-order representation predicates in separation logic. In: Proceedings of CPP, pp. 3–14. ACM (2016)

  8. Charguéraud, A., Pottier, F.: Machine-Checked Verification of the Correctness and Amortized Complexity of an Efficient Union-Find Implementation, pp. 137–153. Springer, Berlin (2015)

    MATH  Google Scholar 

  9. Delaware, B., Pit-Claudel, C., Gross, J., Chlipala, A.: Fiat: deductive synthesis of abstract data types in a proof assistant. In: Proceedings of POPL, pp. 689–700. ACM (2015)

  10. Eberl, M.: Efficient and verified computation of simulation relations on NFAs. Bachelor’s thesis, Technische Universität München (2012)

  11. Edmonds, J., Karp, R.M.: Theoretical improvements in algorithmic efficiency for network flow problems. J. ACM 19(2), 248–264 (1972)

    Article  MATH  Google Scholar 

  12. Esparza, J., Lammich, P., Neumann, R., Nipkow, T., Schimpf, A., Smaus, J.G.: A fully verified executable LTL model checker. In: CAV, LNCS, vol. 8044, pp. 463–478. Springer (2013)

  13. Holzmann, G., Peled, D., Yannakakis, M.: On nested depth first search. In: SPIN, Discrete Mathematics and Theoretical Computer Science, vol. 32, pp. 23–32. American Mathematical Society (1996)

  14. Klein, G., Kolanski, R., Boyton, A.: Mechanised separation algebra. In: ITP, pp. 332–337. Springer (2012)

  15. Krauss, A.: Partial and nested recursive function definitions in higher-order logic. J. Autom. Reason. 44(4), 303–336 (2009). doi:10.1007/s10817-009-9157-2

    Article  MathSciNet  MATH  Google Scholar 

  16. Krauss, A.: Recursive definitions of monadic functions. In: Proceedings of PAR, vol. 43, pp. 1–13 (2010)

  17. Lammich, P.: Collections framework. In: Archive of Formal Proofs. http://afp.sf.net/entries/Collections.shtml (2009). Formal proof development

  18. Lammich, P.: Refinement for monadic programs. In: Archive of Formal Proofs. http://afp.sf.net/entries/Refine_Monadic.shtml (2012). Formal proof development

  19. Lammich, P.: Automatic data refinement. In: ITP, LNCS, vol. 7998, pp. 84–99. Springer (2013)

  20. Lammich, P.: Verified efficient implementation of Gabows strongly connected component algorithm. In: ITP, LNCS, vol. 8558, pp. 325–340. Springer (2014)

  21. Lammich, P.: The imperative refinement framework. In: Archive of Formal Proofs. http://isa-afp.org/entries/Refine_Imperative_HOL.shtml (2016). Formal proof development

  22. Lammich, P.: Refinement based verification of imperative data structures. In: CPP, pp. 27–36. ACM (2016)

  23. Lammich, P., Meis, R.: A separation logic framework for imperative HOL. In: Archive of Formal Proofs. http://afp.sf.net/entries/Separation_Logic_Imperative_HOL.shtml (2012). Formal proof development

  24. Lammich, P., Neumann, R.: A framework for verifying depth-first search algorithms. In: CPP ’15, pp. 137–146. ACM, New York, NY (2015)

  25. Lammich, P., Sefidgar, S.R.: Formalizing the Edmonds–Karp algorithm. In: Proceedings of ITP, pp. 219–234 (2016)

  26. Lammich, P., Tuerk, T.: Applying data refinement for monadic programs to Hopcroft’s algorithm. In: Proceedings of ITP, LNCS, vol. 7406, pp. 166–182. Springer (2012)

  27. Marti, N., Affeldt, R.: A certified verifier for a fragment of separation logic. In: PPL-Workshop (2007)

  28. Meis, R.: Integration von separation logic in DAS imperative HOL-framework (2011). Master Thesis, WWU Münster

  29. MLton Standard ML compiler. http://mlton.org/

  30. Nanevski, A., Morrisett, G., Shinnar, A., Govereau, P., Birkedal, L.: Ynot: reasoning with the awkward squad. In: ICFP (2008)

  31. Neumann, R.: A framework for verified depth-first algorithms. In: Workshop on automated theory exploration (ATX 2012), pp. 36–45 (2012)

  32. Nordhoff, B., Lammich, P.: Formalization of Dijkstra’s algorithm. In: Archive of Formal Proofs. http://afp.sf.net/entries/Dijkstra_Shortest_Path.shtml (2012). Formal proof development

  33. Pelk, R.: Beem: benchmarks for explicit model checkers. In: Model Checking Software, LNCS, pp. 263–267. Springer (2007)

  34. Reynolds, J.C.: Separation logic: a logic for shared mutable data structures. In: Proceedings of Logic in Computer Science (LICS), pp. 55–74. IEEE (2002)

  35. Schwoon, S., Esparza, J.: A note on on-the-fly verification algorithms. In: TACAS, LNCS, vol. 3440, pp. 174–190. Springer (2005)

  36. Sedgewick, R., Wayne, K.: Algorithms, 4th edn. Addison-Wesley, Reading (2011)

    Google Scholar 

  37. Traut, C., Noschinski, L.: Pattern-based subterm selection in Isabelle. In: Proceedings of Isabelle Workshop 2014 (2014)

  38. Tuerk, T.: A separation logic framework for HOL. Technical Report UCAM-CL-TR-799, University of Cambridge, Computer Laboratory. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-799.pdf (2011)

  39. Wirth, N.: Program development by stepwise refinement. Commun. ACM 14(4), 221–227 (1971). doi:10.1145/362575.362577

Download references

Acknowledgements

We thank Rene Meis for formalizing the basics of separation logic for imperative HOL. Moreover, we thank Thomas Tuerk for interesting discussions about automation of separation logic. Finally, we thank Max Haslbeck, Simon Wimmer, and the anonymous reviewers for useful comments on draft versions of this paper.

Author information

Authors and Affiliations

  1. TU Munich, Boltzmannstr. 3, 85748, Garching, Germany

    Peter Lammich

Authors
  1. Peter Lammich
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Peter Lammich.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Lammich, P. Refinement to Imperative HOL. J Autom Reasoning 62, 481–503 (2019). https://doi.org/10.1007/s10817-017-9437-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10817-017-9437-1

Keywords

Search

Navigation