Abstract
We present a Separation Logic with space credits for reasoning about heap space in a sequential call-by-value lambda-calculus equipped with garbage collection and mutable state. A key challenge is to design sound, modular, lightweight mechanisms for establishing the unreachability of a block. Prior work in this area uses pointed-by assertions to keep track of the predecessors of every block, but is carried out in the setting of an assembly-like programming language. We take up the challenge in the setting of a high-level language, where a key problem is to identify and reason about the memory locations that the garbage collector considers as roots. For this purpose, we propose novel "stackable" assertions, which keep track of the existence of stack-to-heap pointers without explicitly recording their origin. Furthermore, we explain how to reason about closures -- concrete heap-allocated data structures that implement the abstract concept of a first-class function. We demonstrate the expressiveness and tractability of our program logic via a range of examples, including recursive functions on linked lists, objects implemented using closures and mutable internal state, recursive functions in continuation-passing style, and three stack implementations that exhibit different space bounds. These last three examples illustrate reasoning about the reachability of the items stored in a container as well as amortized reasoning about space. All of our results are proved in Coq on top of Iris.
- Roberto M. Amadio, Nicholas Ayache, François Bobot, Jaap Boender, Brian Campbell, Ilias Garnier, Antoine Madet, James McKinna, Dominic P. Mulligan, Mauro Piccolo, Randy Pollack, Yann Régis-Gianas, Claudio Sacerdoti Coen, Ian Stark, and Paolo Tranquilli. 2014. Certified Complexity (CerCo). In Foundational and Practical Aspects of Resource Analysis (Lecture Notes in Computer Science, Vol. 8552). Springer, 1–18. http://dx.doi.org/10.1007/978-3-319-12466-7_1 Google ScholarCross Ref
- Andrew W. Appel. 1992. Compiling with Continuations. Cambridge University Press. http://www.cambridge.org/9780521033114 Google ScholarDigital Library
- David Aspinall, Lennart Beringer, Martin Hofmann, Hans-Wolfgang Loidl, and Alberto Momigliano. 2007. A program logic for resources. Theoretical Computer Science, 389, 3 (2007), 411–445. https://www.tcs.ifi.lmu.de/mitarbeiter/martin-hofmann/publikationen-pdfs/j25-ProgramLogisResources.pdf Google ScholarDigital Library
- David Aspinall and Martin Hofmann. 2002. Another Type System for In-Place Update. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 2305). Springer, 36–52. https://www.tcs.ifi.lmu.de/mitarbeiter/martin-hofmann/publikationen-pdfs/c22-anothertypesystem.pdf Google Scholar
- Robert Atkey. 2011. Amortised Resource Analysis with Separation Logic. Logical Methods in Computer Science, 7, 2:17 (2011), http://bentnib.org/amortised-sep-logic-journal.pdf Google Scholar
- Frédéric Besson, Sandrine Blazy, and Pierre Wilke. 2019. CompCertS: a Memory-Aware Verified C Compiler Using a Pointer as Integer Semantics. Journal of Automated Reasoning, 63, 2 (2019), 369–392. https://doi.org/10.1007/s10817-018-9496-y Google ScholarDigital Library
- Wayne D. Blizard. 1990. Negative membership.. Notre Dame Journal of Formal Logic, 31, 3 (1990), 346 – 368. https://doi.org/10.1305/ndjfl/1093635499 Google ScholarCross Ref
- Richard Bornat, Cristiano Calcagno, Peter O’Hearn, and Matthew Parkinson. 2005. Permission accounting in separation logic. In Principles of Programming Languages (POPL). 259–270. http://www.cs.ucl.ac.uk/staff/p.ohearn/papers/permissions_paper.pdf Google Scholar
- John Boyland. 2003. Checking Interference with Fractional Permissions. In Static Analysis Symposium (SAS) (Lecture Notes in Computer Science, Vol. 2694). Springer, 55–72. http://www.cs.uwm.edu/~boyland/papers/permissions.pdf Google Scholar
- Stephen Brookes and Peter W. O’Hearn. 2016. Concurrent separation logic. SIGLOG News, 3, 3 (2016), 47–65. http://siglog.hosting.acm.org/wp-content/uploads/2016/07/siglog_news_9.pdf Google ScholarDigital Library
- Quentin Carbonneaux, Jan Hoffmann, Tahina Ramananandro, and Zhong Shao. 2014. End-to-end verification of stack-space bounds for C programs. In Programming Language Design and Implementation (PLDI). 270–281. http://flint.cs.yale.edu/flint/publications/veristack.pdf Google Scholar
- Quentin Carbonneaux, Jan Hoffmann, and Zhong Shao. 2015. Compositional certified resource bounds. In Programming Language Design and Implementation (PLDI). 467–478. https://www.cs.yale.edu/homes/hoffmann/papers/amort_imp15.pdf Google Scholar
- Arthur Charguéraud and François Pottier. 2017. Verifying the Correctness and Amortized Complexity of a Union-Find Implementation in Separation Logic with Time Credits. Journal of Automated Reasoning, Sept., http://cambium.inria.fr/~fpottier/publis/chargueraud-pottier-uf-sltc.pdf Google Scholar
- Wei-Ngan Chin, Huu Hai Nguyen, Corneliu Popeea, and Shengchao Qin. 2008. Analysing memory resource bounds for low-level programs. In International Symposium on Memory Management. 151–160. https://www7.in.tum.de/~popeea/research/memory.ismm08.pdf Google ScholarDigital Library
- Wei-Ngan Chin, Huu Hai Nguyen, Shengchao Qin, and Martin C. Rinard. 2005. Memory Usage Verification for OO Programs. In Static Analysis Symposium (SAS) (Lecture Notes in Computer Science, Vol. 3672). Springer, 70–86. https://doi.org/10.1007/11547662_7 Google ScholarDigital Library
- Dave Clarke, Johan Östlund, Ilya Sergey, and Tobias Wrigstad. 2013. Ownership Types: A Survey. In Aliasing in Object-Oriented Programming. Types, Analysis and Verification (Lecture Notes in Computer Science, Vol. 7850). Springer, 15–58. http://dx.doi.org/10.1007/978-3-642-36946-9_3 Google ScholarCross Ref
- William R. Cook. 2009. On understanding data abstraction, revisited. In Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA). 557–572. http://www.cs.utexas.edu/~wcook/Drafts/2009/essay.pdf Google Scholar
- Karl Crary and Stephanie Weirich. 2000. Resource bound certification. In Principles of Programming Languages (POPL). 184–198. http://www.cs.cornell.edu/talc/papers/resource_bound/res.pdf Google Scholar
- Matthias Felleisen and Robert Hieb. 1992. The Revised Report on the Syntactic Theories of Sequential Control and State. Theoretical Computer Science, 103, 2 (1992), 235–271. https://www2.ccs.neu.edu/racket/pubs/tcs92-fh.pdf Google ScholarDigital Library
- Jean-Christophe Filliâtre. 2011. Deductive software verification. Software Tools for Technology Transfer, 13, 5 (2011), 397–403. https://doi.org/10.1007/s10009-011-0211-0 Google ScholarCross Ref
- Alejandro Gómez-Londoño, Johannes Åman Pohjola, Hira Taqdees Syeda, Magnus O. Myreen, and Yong Kiam Tan. 2020. Do you have space for dessert? A verified space cost semantics for CakeML programs. Proceedings of the ACM on Programming Languages, 4, OOPSLA (2020), 204:1–204:29. https://doi.org/10.1145/3428272 Google ScholarDigital Library
- Theodore Hailperin. 1986. Chapter 2 Formalization of Boole’s Logic. In Boole’s Logic and Probability (Studies in Logic and the Foundations of Mathematics, Vol. 85). Elsevier, 135–172. issn:0049-237X https://doi.org/10.1016/S0049-237X(08)70247-7 Google ScholarCross Ref
- Joseph J. Hallet and Assaf Kfoury. 2005. A Formal Semantics for Weak References. Boston University. https://open.bu.edu/handle/2144/1857 Google Scholar
- Maximilian P. L. Haslbeck and Peter Lammich. 2021. For a Few Dollars More - Verified Fine-Grained Algorithm Analysis Down to LLVM. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 12648). Springer, 292–319. https://www21.in.tum.de/~haslbema/documents/Haslbeck_Lammich_LLVM_with_Time.pdf Google Scholar
- Maximilian P. L. Haslbeck and Tobias Nipkow. 2018. Hoare Logics for Time Bounds: A Study in Meta Theory. In Tools and Algorithms for Construction and Analysis of Systems (TACAS) (Lecture Notes in Computer Science, Vol. 10805). Springer, 155–171. https://www21.in.tum.de/~nipkow/pubs/tacas18.pdf Google Scholar
- Barry Hayes. 1997. Ephemerons: A New Finalization Mechanism. In Proceedings of the 1997 ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages & Applications, OOPSLA 1997, Atlanta, Georgia, October 5-9, 1997, Mary E. S. Loomis, Toby Bloom, and A. Michael Berman (Eds.). ACM, 176–183. https://doi.org/10.1145/263698.263733 Google ScholarDigital Library
- Guanhua He, Shengchao Qin, Chenguang Luo, and Wei-Ngan Chin. 2009. Memory Usage Verification Using Hip/Sleek. In Automated Technology for Verification and Analysis (ATVA) (Lecture Notes in Computer Science, Vol. 5799). Springer, 166–181. https://dro.dur.ac.uk/6241/ Google ScholarDigital Library
- Jan Hoffmann, Klaus Aehlig, and Martin Hofmann. 2012. Multivariate amortized resource analysis. ACM Transactions on Programming Languages and Systems, 34, 3 (2012), 14:1–14:62. https://www.cs.cmu.edu/~janh/assets/pdf/HoffmannAH10.pdf Google ScholarDigital Library
- Jan Hoffmann, Klaus Aehlig, and Martin Hofmann. 2012. Resource Aware ML. In Computer Aided Verification (CAV) (Lecture Notes in Computer Science, Vol. 7358). Springer, 781–786. http://dx.doi.org/10.1007/978-3-642-31424-7_64 Google ScholarDigital Library
- Jan Hoffmann, Ankush Das, and Shu-Chun Weng. 2017. Towards automatic resource bound analysis for OCaml. In Principles of Programming Languages (POPL). 359–373. http://www.cs.cmu.edu/~janh/papers/HoffmannDW17.pdf Google Scholar
- Martin Hofmann. 1999. Linear Types and Non-Size-Increasing Polynomial Time Computation. In Logic in Computer Science (LICS). 464–473. https://doi.org/10.1109/LICS.1999.782641 Google ScholarCross Ref
- Martin Hofmann. 2000. A type system for bounded space and functional in-place update. Nordic Journal of Computing, 7, 4 (2000), 258–289. http://www.dcs.ed.ac.uk/home/mxh/nordic.ps.gz Google ScholarDigital Library
- Martin Hofmann. 2003. Linear types and non-size-increasing polynomial time computation. Information and Computation, 183, 1 (2003), 57–85. https://doi.org/10.1016/S0890-5401(03)00009-9 Google ScholarDigital Library
- Martin Hofmann and Steffen Jost. 2003. Static prediction of heap space usage for first-order functional programs. In Principles of Programming Languages (POPL). 185–197. http://www2.tcs.ifi.lmu.de/~jost/research/POPL_2003_Jost_Hofmann.pdf Google Scholar
- Martin Hofmann and Steffen Jost. 2006. Type-Based Amortised Heap-Space Analysis. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 3924). Springer, 22–37. https://www.tcs.ifi.lmu.de/mitarbeiter/martin-hofmann/publikationen-pdfs/c36-typebasedamortisedheap-space.pdf Google Scholar
- Martin Hofmann and Dulma Rodriguez. 2009. Efficient Type-Checking for Amortised Heap-Space Analysis. In Computer Science Logic (Lecture Notes in Computer Science, Vol. 5771). Springer, 317–331. https://doi.org/10.1007/978-3-642-04027-6_24 Google ScholarCross Ref
- Martin Hofmann and Dulma Rodriguez. 2013. Automatic Type Inference for Amortised Heap-Space Analysis. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 7792). Springer, 593–613. https://doi.org/10.1007/978-3-642-37036-6_32 Google ScholarDigital Library
- Chung-Kil Hur, Derek Dreyer, and Viktor Vafeiadis. 2011. Separation Logic in the Presence of Garbage Collection. In Logic in Computer Science (LICS). 247–256. http://people.mpi-sws.org/~dreyer/papers/gcsl/paper.pdf Google Scholar
- Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming, 28 (2018), e20. https://people.mpi-sws.org/~dreyer/papers/iris-ground-up/paper.pdf Google ScholarCross Ref
- Ioannis T. Kassios and Eleftherios Kritikos. 2013. A Discipline for Program Verification Based on Backpointers and Its Use in Observational Disjointness. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 7792). Springer, 149–168. https://doi.org/10.1007/978-3-642-37036-6_10 Google ScholarDigital Library
- Peter J. Landin. 1964. The Mechanical Evaluation of Expressions. Computer Journal, 6, 4 (1964), Jan., 308–320. Google ScholarCross Ref
- Xavier Leroy. 2021. The CompCert C compiler. http://compcert.org/ Google Scholar
- Daniel Loeb. 1992. Sets with a negative number of elements. Advances in Mathematics, 91, 1 (1992), 64–74. issn:0001-8708 https://doi.org/10.1016/0001-8708(92)90011-9 Google ScholarCross Ref
- Jean-Marie Madiot and François Pottier. 2022. A Separation Logic for Heap Space under Garbage Collection. Proceedings of the ACM on Programming Languages, 6, POPL (2022), Jan., http://cambium.inria.fr/~fpottier/publis/madiot-pottier-diamonds-2022.pdf Google ScholarDigital Library
- Alexandre Moine, Arthur Charguéraud, and François Pottier. 2022. A High-Level Separation Logic for Heap Space under Garbage Collection (Extended Version). https://hal.inria.fr/hal-03823056 Google Scholar
- Alexandre Moine, Arthur Charguéraud, and François Pottier. 2022. A High-Level Separation Logic for Heap Space under Garbage Collection (Proof Artifact). https://gitlab.inria.fr/amoine/spacelambda Google Scholar
- J. Gregory Morrisett, Matthias Felleisen, and Robert Harper. 1995. Abstract Models of Memory Management. In Functional Programming Languages and Computer Architecture (FPCA). 66–77. https://www.cs.cmu.edu/~rwh/papers/gc/fpca95.pdf Google Scholar
- Ike Mulder, Robbert Krebbers, and Herman Geuvers. 2022. Diaframe: Automated Verification of Fine-Grained Concurrent Programs in Iris. In Programming Language Design and Implementation (PLDI). https://doi.org/10.1145/3519939.3523432 Google ScholarDigital Library
- Glen Mével, Jacques-Henri Jourdan, and François Pottier. 2019. Time credits and time receipts in Iris. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 11423). Springer, 1–27. http://cambium.inria.fr/~fpottier/publis/mevel-jourdan-pottier-time-in-iris-2019.pdf Google ScholarCross Ref
- Yue Niu and Jan Hoffmann. 2018. Automatic Space Bound Analysis for Functional Programs with Garbage Collection. In Logic for Programming Artificial Intelligence and Reasoning (LPAR) (EPiC Series in Computing, Vol. 57). 543–563. https://easychair.org/publications/paper/dcnD Google Scholar
- Peter W. O’Hearn. 2019. Separation logic. Commun. ACM, 62, 2 (2019), 86–95. https://doi.org/10.1145/3211968 Google ScholarDigital Library
- Zoe Paraskevopoulou and Andrew W. Appel. 2019. Closure conversion is safe for space. Proceedings of the ACM on Programming Languages, 3, ICFP (2019), 83:1–83:29. https://doi.org/10.1145/3341687 Google ScholarDigital Library
- John C. Reynolds. 1975. User-defined Types and Procedural Data Structures as Complementary Approaches to Data Abstraction. Carnegie Mellon University. http://repository.cmu.edu/compsci/1278/ Google Scholar
- John C. Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In Logic in Computer Science (LICS). 55–74. http://www.cs.cmu.edu/~jcr/seplogic.pdf Google Scholar
- Hassler Whitney. 1933. Characteristic Functions and the Algebra of Logic. Annals of Mathematics, 34, 3 (1933), 405–414. issn:0003486X http://www.jstor.org/stable/1968168 Google ScholarCross Ref
Index Terms
- A High-Level Separation Logic for Heap Space under Garbage Collection
Recommendations
A separation logic for heap space under garbage collection
We present SL♢, a Separation Logic that allows controlling the heap space consumption of a program in the presence of dynamic memory allocation and garbage collection. A user of the logic works with space credits, a resource that is consumed when an ...
Higher-Order Separation Logic in Isabelle/HOLCF
We formalize higher-order separation logic for a first-order imperative language with procedures and local variables in Isabelle/HOLCF. The assertion language is modeled in such a way that one may use any theory defined in Isabelle/HOLCF to construct ...
Cyclic proofs of program termination in separation logic
POPL '08We propose a novel approach to proving the termination of heap-manipulating programs, which combines separation logic with cyclic proof within a Hoare-style proof system.Judgements in this system express (guaranteed) termination of the program when ...
Comments