
Verification of B\(^+\) trees by integration of shape analysis and interactive theorem proving

Special Section Paper, published in Software & Systems Modeling

Abstract

Interactive proofs of correctness of pointer-manipulating programs tend to be difficult. We propose an approach that integrates shape analysis and interactive theorem proving, namely the three-valued logic analyzer (TVLA) and KIV. The approach uses shape analysis to automatically discharge proof obligations for various data structure properties, such as “acyclicity”. To this purpose, we define a mapping between typed algebraic heaps and TVLA. We verify the main operations of B\(^+\) trees by decomposing the problem into three layers: the top level is an interactive proof of the main recursive procedures; the actual modifications of the data structure are verified with shape analysis; and TVLA itself relies on problem-specific constraints and lemmas that were proven in KIV as a foundation for an overall correct analysis.



Notes

  1. This contract ignores the node sizes, see (33) for the full contract.

  2. TVLA is in fact able to infer this by a dependency analysis of predicate definitions with respect to updates.

  3. Several steps are necessary because TVLA allows materializations only before updates; here, however, we assign to \(\mathsf{new}\) first and then materialize.

  4. Formally, in KIV, the sort \(\mathsf{heap}\) is defined as a non-free data type whose models are finite partial functions. There is a mixfix apply function \([ . ] : \mathsf{heap} \times \mathsf{ref} \rightarrow \mathsf{object}\) and an element predicate \(. \in . \subseteq \mathsf{ref} \times \mathsf{heap}\). For simplicity, we write \(H(r)\) instead of \(H[r]\).

  5. Progress monitors as found in [16] can be used to show termination and are an interesting aspect for future work.

References

  1. Bayer, R., McCreight, E.: Organization and maintenance of large ordered indices. Acta Inform. 1, 173–189 (1972)

  2. Blanchette, J.C., Nipkow, T.: Nitpick: a counterexample generator for higher-order logic based on a relational model finder. In: Proceedings of the 1st International Conference on Interactive Theorem Proving, ITP, pp. 131–146. Springer (2010)

  3. Bogudlov, I., Lev-Ami, T., Reps, T., Sagiv, M.: Revamping TVLA: making parametric shape analysis competitive. In: Proceedings of the 19th International Conference on Computer Aided Verification, CAV, pp. 221–225. Springer (2007)

  4. Chang, B.-Y.E., Rival, X.: Relational inductive shape analysis. In: Proceedings of the 35th International Symposium on Principles of Programming Languages, POPL, pp. 247–260. ACM (2008)

  5. Dijkstra, E.W.: A Discipline of Programming. Prentice-Hall, Englewood Cliffs (1976)

  6. Distefano, D., Parkinson, M.J.: jStar: towards practical verification for Java. In: Proceedings of the 23rd International Conference on Object-Oriented Programming Systems Languages and Applications, OOPSLA, pp. 213–226. ACM (2008)

  7. Dunets, A., Schellhorn, G., Reif, W.: Automated flaw detection in algebraic specifications. J. Autom. Reason. 45(4), 354–395 (2010)

  8. Ernst, G.: KIV and TVLA proofs for B\(^{+}\) trees. http://www.informatik.uni-augsburg.de/swt/projects/btree.html (2011)

  9. Ernst, G., Schellhorn, G., Reif, W.: Verification of B\(^{+}\) trees: an experiment combining shape analysis and interactive theorem proving. In: Proceedings of the 9th International Conference on Software Engineering and Formal Methods, SEFM, pp. 188–203. Springer (2011)

  10. Fielding, E.: The specification of abstract mappings and their implementation as B\(^{+}\) trees. Technical report, Oxford University, PRG-18 (1980)

  11. Gallier, J.H.: Logic for Computer Science: Foundations of Automatic Theorem Proving. Harper & Row Publishers, Inc., New York (1985)

  12. Gopan, D., Reps, T., Sagiv, M.: A framework for numeric analysis of array operations. In: Proceedings of the 32nd International Symposium on Principles of Programming Languages, POPL, pp. 338–350. ACM (2005)

  13. Gulwani, S., Lev-Ami, T., Sagiv, M.: A combination framework for tracking partition sizes. In: Proceedings of the 36th International Symposium on Principles of Programming Languages, POPL, pp. 239–251. ACM (2009)

  14. Harel, D., Kozen, D., Tiuryn, J.: Dynamic Logic. MIT Press, Cambridge, Massachusetts (2000)

  15. Herter, J.: Towards shape analysis of B-trees. Universität Saarbrücken, Master’s thesis (2008)

  16. Loginov, A., Reps, T., Sagiv, M.: Automated verification of the Deutsch-Schorr-Waite tree-traversal algorithm. In: Proceedings of Static Analysis Symposium, SAS, pp. 261–279. Springer (2006)

  17. Malecha, G., Morrisett, G., Shinnar, A., Wisnesky, R.: Toward a verified relational database management system. In: Proceedings of the 37th International Symposium on Principles of Programming Languages, POPL, pp. 237–248. ACM (2010)

  18. Reif, W., Schellhorn, G., Stenzel, K., Balser, M.: Structured specifications and interactive proofs with KIV. In: Bibel, W., Schmitt, P. (eds.) Automated Deduction—A Basis for Applications, vol. II, chapter 1, pp. 13–39. Kluwer, Dordrecht (1998)

  19. Reineke, J.: Shape analysis of sets. In: Workshop “Trustworthy Software”. IBFI (2006)

  20. Rinetzky, N., Sagiv, M., Yahav, E.: Interprocedural shape analysis for cutpoint-free programs. In: Proceedings of Static Analysis Symposium, SAS, pp. 284–302. Springer (2005)

  21. Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst. 24, 217–298 (2002)

  22. Sexton, A., Thielecke, H.: Reasoning about B\(^{+}\) trees with operational semantics and separation logic. Electron. Notes Theor. Comput. Sci. 218, 355–369 (2008)

  23. Yorsh, G., Reps, T., Sagiv, M.: Symbolically computing most-precise abstract operations for shape analysis. In: Proceedings of the 10th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS, pp. 530–545. Springer (2004)


Acknowledgments

We thank Alexander Knapp, Axel Habermaier, and the anonymous reviewers for their valuable feedback.

Author information

Correspondence to Gidon Ernst.

Additional information

Communicated by Dr. Gerardo Schneider, Gilles Barthe, and Alberto Pardo.

Cite this article

Ernst, G., Schellhorn, G. & Reif, W. Verification of B\(^+\) trees by integration of shape analysis and interactive theorem proving. Softw Syst Model 14, 27–44 (2015). https://doi.org/10.1007/s10270-013-0320-1
