Skip to content

Certora verification of the DLL #100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 61 commits into from
Jan 2, 2023
Merged

Certora verification of the DLL #100

merged 61 commits into from
Jan 2, 2023

Conversation

@QGarchery
Copy link
Collaborator

@QGarchery QGarchery commented Dec 19, 2022
edited
Loading

This PR completes the verification of the Double Linked List data-structure. It is done in two steps:

  • the data-structure is abstracted into the usual DLL, and strong invariants are proved on this data-structure. Notably we prove that the DLL stays decreasingly sorted. Use ./certora/scripts/dll-simple.sh to run the verification.
  • the data-structure from Morpho-Compound is verified, use ./certora/scripts/dll-fifo.sh to run the verification.

The specification files certora/specs/dll-simple.spec and certora/specs/dll-fifo.spec are organized as follows:

  • definitions are given to make the specification clearer. For example the definition isTwoWayLinked is a predicate checking if the existence of a link from account A to account B implies the existence of the link from B to A.
  • invariants and rules are proved using Certora. For example the invariant linkedIsInDLL states that an account that is linked to another account is necessarily in the double linked list. Notice that some of those invariants make heavy use interdependent invariants. The documentation about interdependent invariants was written in parallel of this work.
  • derived results are "pen & paper" proved. This is to prove the most natural properties of the data-structure, without having to duplicate the invariants.

Here is the result of running the dll-fifo.sh script:

dll-fifo

@QGarchery
feat: initial sanity test
48f833e
@QGarchery
fix: add DLL contract, prevent errors removing munged by accident
942c2bb
@QGarchery
feat: circular definitions
6ffb1bf
@QGarchery
feat: isForwardLinked in solidity
e4b5f1e
@QGarchery
feat: decreasingly sorted and linked to 0 invariants
6e62df0
@QGarchery
feat: length in the code, preserve remove check
883f4f1
@QGarchery
feat: prove zeroPrev preserved by remove
9c176cf
@QGarchery
refactor: invariants with tip not 0
c8e9c93
@QGarchery
feat: add definitions in the specification
4ca77d6
@QGarchery
feat: proof tailNextIsZero and linkedIsInDLL
59182f3
@QGarchery
feat: add hook to require invariant inside insertSorted
5a0eebc
@QGarchery
feat: ghost variable to track the element to insert in front of
6767673
@QGarchery
refactor: use public variable instead of hook
4ce152b
@QGarchery
feat: insertAfter
1a3684a
@QGarchery
feat: proved linkedIsInDLL
3a2cd60
@QGarchery
feat: proof of twoWayLinked
96c67bd
@QGarchery
feat: prove zeroIsNotLinked
9834960
@QGarchery
refactor: added isEmpty definition
beb0c50
@QGarchery
feat: proof of tailNextAndValue
a7f6218
@QGarchery
feat: proof of noPrevIsHead
26c4850
@QGarchery
feat: proof of neNextisTailPreservedInsertSorted
2bbea7d
@QGarchery
refactor: cleaning specification and removed constructor
7e160aa
@QGarchery
fix: length computation
5703773
@QGarchery
fix: temporary CVL error, revert munged makefile
6595504
@QGarchery
refactor: add munging for DLL with FIFO
682dba5
@QGarchery
feat: prove simple DLLisDecrSorted
b1a6b90
@QGarchery
feat: prove isForwardLinked preserved remove
4351413
@QGarchery
feat: finish forward link proof
3a6e1d3
@QGarchery
feat: bump number of loops from 3 to 7
efe0239
@QGarchery
feat: prove reachability of every element inside the list
f4c7a01
@QGarchery
feat: prove DLL fifo invariants
8dd1f10
@QGarchery
chore: factorize git ignored files
2a2cd1d
@QGarchery
refactor: remove unnecessary file
7f7ae88
@QGarchery
feat: finish DLL is forward linked
9f06f7b
@QGarchery
refactor: use safeAssumptions
0611dad
@QGarchery
feat: draft of FIFO order and cleaning
b72ca8c
@QGarchery
feat: proved order1 and order2
8f14473
@QGarchery
refactor: put decreasing proofs in the same rule
f021347
@QGarchery
fix: sanity compilation
608618a
@QGarchery
refactor: rename insert before/after into inserted
a9584f7
@QGarchery
refactor: respect rule parameter naming convention
0b4d40c
@QGarchery
refactor: removing useless requires
ff38f97
@QGarchery
docs: improve explanations of further results
f0fa456
@QGarchery
refactor: rework no next and no prev
4274116
@QGarchery
refactor: harmonize getter style
1e0db86
@QGarchery
refactor: rename DLL into MockDLL
26dc07e
@QGarchery
docs: explain the split of invariants into rules
f324e64
@QGarchery
feat: hardened verification of public functions
7acbf43
@QGarchery
Merge remote-tracking branch 'origin/main' into private-certora
c94e4cc
@QGarchery
fix: greaterThanUpTo parameters
39ea6d2
@QGarchery QGarchery self-assigned this Dec 19, 2022
@QGarchery QGarchery mentioned this pull request Dec 19, 2022
Closed
@QGarchery QGarchery requested a review from MathisGD December 21, 2022 13:46
MathisGD
MathisGD reviewed Dec 26, 2022
View reviewed changes
Copy link
Collaborator

@MathisGD MathisGD left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't reviewed the specs, as I already approved them

@QGarchery QGarchery merged commit 8c19f7d into main Jan 2, 2023
@QGarchery QGarchery deleted the test/certora-3 branch January 2, 2023 17:09
@MathisGD
Copy link
Collaborator

MathisGD commented Jan 2, 2023

Huge work, congrats again !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MathisGD MathisGD MathisGD approved these changes

Assignees

@QGarchery QGarchery

Labels

🧮 certora

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@QGarchery @MathisGD