ABSTRACT
The development of concurrent separation logic (CSL) has sparked a long line of work on modular verification of sophisticated concurrent programs. Two of the most important features supported by several existing extensions to CSL are higher-order quantification and custom ghost state. However, none of the logics that support both of these features reap the full potential of their combination. In particular, none of them provide general support for a feature we dub "higher-order ghost state": the ability to store arbitrary higher-order separation-logic predicates in ghost variables.
In this paper, we propose higher-order ghost state as an interesting and useful extension to CSL, which we formalize in the framework of Jung et al.'s recently developed Iris logic. To justify its soundness, we develop a novel algebraic structure called CMRAs ("cameras"), which can be thought of as "step-indexed partial commutative monoids". Finally, we show that Iris proofs utilizing higher-order ghost state can be effectively formalized in Coq, and discuss the challenges we faced in formalizing them.
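To make the "custom ghost state as a partial commutative monoid" idea concrete, here is an added toy model, written for this page and not taken from the paper or from the Iris Coq development. It models a ghost variable as an element of a resource algebra (carrier, composition, validity) and checks the one property that matters for soundness: a thread may change its ghost resource from a to b only by a frame-preserving update, i.e. one that cannot invalidate any resource c held by other threads. Two small algebras are defined (exclusive ownership and fractional ownership) and the update relation is checked by brute force over a finite carrier. The class and function names (ExclusiveRA, FracRA, frame_preserving_update, pcm_laws_hold) are this example's own; the step-indexing of validity that distinguishes a CMRA from a plain PCM is not modelled.

```python
"""Toy model of custom ghost state as a partial commutative monoid (PCM).

Added example, not code from the paper or the Iris Coq development.
A ghost variable owns an element of a resource algebra; a thread may
change it only by a frame-preserving update, one that cannot invalidate
the resources other threads hold (the "frame").  Step-indexed validity,
which turns a PCM into a CMRA, is deliberately left out.
"""
from fractions import Fraction

BOT = "bot"  # single invalid element that makes composition total


class ExclusiveRA:
    """Ex(A): a ghost variable holding one value of A.
    Two owners can never coexist, so every composition is invalid."""

    def __init__(self, values):
        self.values = list(values)

    def elements(self):
        return [("ex", v) for v in self.values] + [BOT]

    def valid(self, x):
        return x != BOT

    def op(self, x, y):
        return BOT


class FracRA:
    """Fractional ownership q in (0, 1]: fractions add, exceeding 1 is invalid.
    The carrier is restricted to multiples of 1/denom so that updates can be
    checked by enumerating all frames."""

    def __init__(self, denom=4):
        self.qs = [Fraction(k, denom) for k in range(1, denom + 1)]

    def elements(self):
        return list(self.qs) + [BOT]

    def valid(self, x):
        return x != BOT

    def op(self, x, y):
        if x == BOT or y == BOT:
            return BOT
        s = x + y
        return s if s <= 1 else BOT


def pcm_laws_hold(ra):
    """Brute-force check that `ra` is a PCM with validity closed under
    removing a frame: op is commutative and associative, and
    valid(a . b) implies valid(a)."""
    els = ra.elements()
    for a in els:
        for b in els:
            if ra.op(a, b) != ra.op(b, a):
                return False
            if ra.valid(ra.op(a, b)) and not ra.valid(a):
                return False
            for c in els:
                if ra.op(ra.op(a, b), c) != ra.op(a, ra.op(b, c)):
                    return False
    return True


def frame_preserving_update(ra, a, b):
    """a ~> b  iff  for every optional frame c: valid(a . c) implies valid(b . c).
    `None` stands for the absent frame (the owner of `a` holds everything)."""
    for c in [None] + ra.elements():
        ac = a if c is None else ra.op(a, c)
        bc = b if c is None else ra.op(b, c)
        if ra.valid(ac) and not ra.valid(bc):
            return False
    return True


def check_examples():
    """Which updates are allowed in the two algebras."""
    ex = ExclusiveRA(range(3))
    fr = FracRA(4)
    return {
        # sole owner of an exclusive ghost variable may overwrite it freely
        "exclusive_update": frame_preserving_update(ex, ("ex", 0), ("ex", 2)),
        # holder of 1/2 cannot "steal" the other half held by someone else
        "frac_steal": frame_preserving_update(fr, Fraction(1, 2), Fraction(1)),
        # full owner may give up part of the fraction: no frame can exist
        "frac_drop": frame_preserving_update(fr, Fraction(1), Fraction(1, 2)),
        "frac_sum_valid": fr.valid(fr.op(Fraction(1, 2), Fraction(1, 4))),
        "frac_sum_invalid": fr.valid(fr.op(Fraction(3, 4), Fraction(1, 2))),
    }


if __name__ == "__main__":
    for name, ok in check_examples().items():
        print(name, ok)
```

The failing case (frac_steal) is the point of the construction: soundness of ghost-state updates rests on quantifying over every possible frame, and a frame of 1/2 held by another thread is exactly what would be invalidated.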
References
- Higher-Order Ghost State: Appendix and Coq development. Available on the Iris project website at http://plv.mpi-sws.org/iris/.
- P. America and J. Rutten. Solving reflexive domain equations in a category of complete metric spaces. JCSS, 39(3):343–375, 1989.
- A. Appel and D. McAllester. An indexed model of recursive types for foundational proof-carrying code. TOPLAS, 23(5):657–683, 2001.
- A. W. Appel, editor. Program Logics for Certified Compilers. Cambridge University Press, 2014.
- A. Asperti, W. Ricciotti, C. S. Coen, and E. Tassi. Hints in unification. In TPHOLs, volume 5674 of LNCS, pages 84–98, 2009.
- J. Bengtson, J. B. Jensen, and L. Birkedal. Charge! - A Framework for Higher-Order Separation Logic in Coq. In ITP, volume 7406 of LNCS, pages 315–331, 2012.
- L. Birkedal, K. Støvring, and J. Thamsborg. The category-theoretic solution of recursive metric-space equations. TCS, 411(47):4102–4122, 2010.
- A. Buisse, L. Birkedal, and K. Støvring. Step-indexed Kripke model of separation logic for storable locks. ENTCS, 276:121–143, 2011.
- A. Chlipala. The Bedrock structured programming system: combining generative metaprogramming and Hoare logic in an extensible program verifier. In ICFP, pages 391–402, 2013.
- E. Cohen, E. Alkassar, V. Boyarinov, M. Dahlweid, U. Degenbaev, M. Hillebrand, B. Langenstein, D. Leinenbach, M. Moskal, S. Obua, W. Paul, H. Pentchev, E. Petrova, T. Santen, N. Schirmer, S. Schmaltz, W. Schulte, A. Shadrin, S. Tobies, A. Tsyban, and S. Tverdyshev. Invariants, modularity, and rights. In PSI, volume 5947 of LNCS, pages 43–55, 2009.
- P. da Rocha Pinto, T. Dinsdale-Young, and P. Gardner. TaDA: A logic for time and data abstraction. In ECOOP, pages 207–231, 2014.
- T. Dinsdale-Young, L. Birkedal, P. Gardner, M. J. Parkinson, and H. Yang. Views: Compositional reasoning for concurrent programs. In POPL, 2013.
- T. Dinsdale-Young, M. Dodds, P. Gardner, M. Parkinson, and V. Vafeiadis. Concurrent abstract predicates. In ECOOP, pages 504–528, 2010.
- R. Dockins, A. Hobor, and A. W. Appel. A fresh look at separation algebras and share accounting. In APLAS, pages 161–177, 2009.
- M. Dodds, S. Jagannathan, M. J. Parkinson, K. Svendsen, and L. Birkedal. Verifying custom synchronization constructs using higher-order separation logic. TOPLAS, 38(2):4, 2016.
- X. Feng. Local rely-guarantee reasoning. In POPL, pages 315–327, 2009.
- X. Feng, R. Ferreira, and Z. Shao. On the relationship between concurrent separation logic and assume-guarantee reasoning. In ESOP, pages 173–188, 2007.
- M. Fu, Y. Li, X. Feng, Z. Shao, and Y. Zhang. Reasoning about optimistic concurrency using a program logic for history. In CONCUR, pages 388–402, 2010.
- F. Garillot, G. Gonthier, A. Mahboubi, and L. Rideau. Packaging mathematical structures. In TPHOLs, volume 5674 of LNCS, pages 327–342, 2009.
- A. Gotsman, J. Berdine, B. Cook, N. Rinetzky, and M. Sagiv. Local reasoning for storable locks and threads. In APLAS, pages 19–37, 2007.
- A. Hobor, A. Appel, and F. Zappa Nardelli. Oracle semantics for concurrent separation logic. In ESOP, pages 353–367, 2008.
- A. Hobor, R. Dockins, and A. Appel. A theory of indirection via approximation. In POPL, 2010.
- J. B. Jensen, N. Benton, and A. Kennedy. High-level separation logic for low-level code. In POPL, pages 301–314, 2013.
- R. Jung, D. Swasey, F. Sieczkowski, K. Svendsen, A. Turon, L. Birkedal, and D. Dreyer. Iris: Monoids and invariants as an orthogonal basis for concurrent reasoning. In POPL, pages 637–650, 2015.
- R. Krebbers. The C standard formalized in Coq. PhD thesis, Radboud University, 2015.
- G. Malecha and J. Bengtson. Easy and efficient automation through reflective tactics. In ESOP, 2016.
- A. Nanevski, R. Ley-Wild, I. Sergey, and G. A. Delbianco. Communicating state transition systems for fine-grained concurrent resources. In ESOP, pages 290–310, 2014.
- P. O'Hearn. Resources, concurrency, and local reasoning. TCS, 375(1):271–307, 2007.
- S. Owicki and D. Gries. Verifying properties of parallel programs: An axiomatic approach. CACM, 19(5):279–285, 1976.
- F. Pottier. Syntactic soundness proof of a type-and-capability system with hidden state. JFP, 23(1):38–144, 2013.
- I. Sergey, A. Nanevski, and A. Banerjee. Mechanized verification of fine-grained concurrent programs. In PLDI, pages 77–87, 2015.
- F. Sieczkowski, A. Bizjak, and L. Birkedal. ModuRes: A Coq library for modular reasoning about concurrent higher-order imperative programming languages. In ITP, volume 9236 of LNCS, pages 375–390, 2015.
- M. Sozeau. A new look at generalized rewriting in type theory. JFR, 2(1):41–62, 2009.
- B. Spitters and E. van der Weegen. Type classes for mathematics in type theory. MSCS, 21(4):795–825, 2011.
- K. Svendsen and L. Birkedal. Impredicative concurrent abstract predicates. In ESOP, pages 149–168, 2014.
- K. Svendsen, L. Birkedal, and M. J. Parkinson. Modular reasoning about separation of concurrent data structures. In ESOP, pages 169–188, 2013.
- H. Tuch, G. Klein, and M. Norrish. Types, bytes, and separation logic. In POPL, pages 97–108, 2007.
- A. Turon, D. Dreyer, and L. Birkedal. Unifying refinement and Hoare-style reasoning in a logic for higher-order concurrency. In ICFP, pages 377–390, 2013.
- A. Turon, V. Vafeiadis, and D. Dreyer. GPS: navigating weak memory with ghosts, protocols, and separation. In OOPSLA, pages 691–707, 2014.
- V. Vafeiadis and M. Parkinson. A marriage of rely/guarantee and separation logic. In CONCUR, pages 256–271, 2007.
Index Terms
- Higher-order ghost state