Abstract
When using a proof assistant to reason in an embedded logic, such as separation logic, one cannot directly benefit from the proof contexts and basic tactics of the proof assistant. The result is proofs at too low a level of abstraction, cluttered with bookkeeping code for manipulating the object logic.
In this paper, we introduce a so-called proof mode that extends the Coq proof assistant with (spatial and non-spatial) named proof contexts for the object logic. We show that, thanks to these contexts, we can implement high-level tactics for introduction and elimination of the connectives of the object logic, and thereby make reasoning in the embedded logic as seamless as reasoning in the meta logic of the proof assistant. We apply our method to Iris: a state-of-the-art higher-order impredicative concurrent separation logic.
We show that our method is very general and is not limited to program verification. We demonstrate its generality by formalizing correctness proofs of fine-grained concurrent algorithms, derived constructs of the Iris logic, and unary and binary logical relations for a language with concurrency, higher-order store, polymorphism, and recursive types. This is the first formalization of a binary logical relation for such an expressive language. We also show how to use the logical relation to prove contextual refinement of fine-grained concurrent algorithms.
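The following is an added illustration of the named proof contexts described in the abstract; it is not code from the paper or its artifact. It assumes a recent Iris release (the `proofmode` import path and the `bi` typeclass postdate the paper; the tactic names are the ones the proof mode introduced). The lemma names, the propositions `P`, `Q`, `R`, and the hypothesis labels `"HP"`, `"HQ"`, `"HR"` are chosen here for the example. The first lemma uses only the spatial context; the second shows that a hypothesis moved into the non-spatial (persistent) context with the `#` pattern stays available on both sides of a separating conjunction split.

```coq
(* Added example, not from the paper. Assumes a recent Iris release. *)
From iris.proofmode Require Import proofmode.

Section proof_mode_example.
  (* PROP is any BI logic; for Iris itself one would instantiate it with iProp. *)
  Context {PROP : bi}.
  Implicit Types P Q R : PROP.

  (* Spatial context only: the separating conjunction is eliminated in the
     premise and introduced in the goal by referring to hypotheses by name,
     without ever unfolding the object-logic connectives. *)
  Lemma sep_reassoc P Q R : P ∗ (Q ∗ R) ⊢ (P ∗ Q) ∗ R.
  Proof.
    iIntros "[HP [HQ HR]]".      (* spatial context: HP : P, HQ : Q, HR : R *)
    iSplitL "HP HQ".             (* left conjunct gets HP, HQ; right gets HR *)
    - iSplitL "HP".              (* left: P from HP; right: Q from HQ *)
      + iExact "HP".
      + iExact "HQ".
    - iExact "HR".
  Qed.

  (* Non-spatial (persistent) context: a □-hypothesis is duplicable, so the
     proof mode keeps it available in both goals produced by iSplitR. *)
  Lemma persistent_dup P Q : □ P ∗ Q ⊢ P ∗ (P ∗ Q).
  Proof.
    iIntros "[#HP HQ]".          (* HP lands in the persistent context *)
    iSplitR "HQ".                (* HQ goes right; HP is usable on both sides *)
    - iExact "HP".
    - iSplitR "HQ".
      + iExact "HP".
      + iExact "HQ".
  Qed.
End proof_mode_example.
```

Both proofs would also close with a single `iFrame` after the `iIntros`; the explicit splits are kept so that the division of the spatial context between the two goals is visible at each step.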
Published in POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages.