已验证的顺序Malloc/Free

Proceedings of the 2020 ACM SIGPLAN International Symposium on Memory Management Pub Date : 2020-06-16 DOI:10.1145/3381898.3397211

A. Appel, D. Naumann

{"title":"已验证的顺序Malloc/Free","authors":"A. Appel, D. Naumann","doi":"10.1145/3381898.3397211","DOIUrl":null,"url":null,"abstract":"We verify the functional correctness of an array-of-bins (segregated free-lists) single-thread malloc/free system with respect to a correctness specification written in separation logic. The memory allocator is written in standard C code compatible with the standard API; the specification is in the Verifiable C program logic, and the proof is done in the Verified Software Toolchain within the Coq proof assistant. Our \"resource-aware\" specification can guarantee when malloc will successfully return a block, unlike the standard Posix specification that allows malloc to return NULL whenever it wants to. We also prove subsumption (refinement): the resource-aware specification implies a resource-oblivious spec.","PeriodicalId":301629,"journal":{"name":"Proceedings of the 2020 ACM SIGPLAN International Symposium on Memory Management","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Verified sequential Malloc/Free\",\"authors\":\"A. Appel, D. Naumann\",\"doi\":\"10.1145/3381898.3397211\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We verify the functional correctness of an array-of-bins (segregated free-lists) single-thread malloc/free system with respect to a correctness specification written in separation logic. The memory allocator is written in standard C code compatible with the standard API; the specification is in the Verifiable C program logic, and the proof is done in the Verified Software Toolchain within the Coq proof assistant. Our \\\"resource-aware\\\" specification can guarantee when malloc will successfully return a block, unlike the standard Posix specification that allows malloc to return NULL whenever it wants to. We also prove subsumption (refinement): the resource-aware specification implies a resource-oblivious spec.\",\"PeriodicalId\":301629,\"journal\":{\"name\":\"Proceedings of the 2020 ACM SIGPLAN International Symposium on Memory Management\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-06-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2020 ACM SIGPLAN International Symposium on Memory Management\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3381898.3397211\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 ACM SIGPLAN International Symposium on Memory Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3381898.3397211","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

摘要

我们根据用分离逻辑编写的正确性规范来验证箱子数组(隔离的自由列表)单线程malloc/free系统的功能正确性。内存分配器是用与标准API兼容的标准C代码编写的;规范在可验证的C程序逻辑中，证明在Coq证明助手中的验证软件工具链中完成。我们的“资源感知”规范可以保证malloc何时会成功返回一个块，而不像标准Posix规范允许malloc在任何时候返回NULL。我们还证明了包容(细化):资源感知的规范意味着资源无关的规范。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Verified sequential Malloc/Free

We verify the functional correctness of an array-of-bins (segregated free-lists) single-thread malloc/free system with respect to a correctness specification written in separation logic. The memory allocator is written in standard C code compatible with the standard API; the specification is in the Verifiable C program logic, and the proof is done in the Verified Software Toolchain within the Coq proof assistant. Our "resource-aware" specification can guarantee when malloc will successfully return a block, unlike the standard Posix specification that allows malloc to return NULL whenever it wants to. We also prove subsumption (refinement): the resource-aware specification implies a resource-oblivious spec.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2020 ACM SIGPLAN International Symposium on Memory Management

自引率

0.00%

发文量