A logical relation for monadic encapsulation of state: proving contextual equivalences in the presence of runST

Timany, Amin; Stefanesco, Léo; Krogh-Jespersen, Morten; Birkedal, Lars

doi:10.1145/3158152

Cited by 41 publications

(24 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A notable program logic in the family of concurrent separation logics is Iris that is specifically designed for reasoning about programs written in concurrent higher-order imperative programming languages. Iris has already proven to be versatile for reasoning about a number of sophisticated properties of programming languages [12,16,37]. In order to support modular reasoning about concurrent programs Iris features (1) impredicative invariants for expressing protocols on shared state among multiple threads and (2) allows for encoding of higher-order ghost state using a form of partial commutative monoids for reasoning about resources.…”

Section: Local and Thread-local Reasoningmentioning

confidence: 99%

Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems

Krogh-Jespersen

Timany

Ohlenbusch

et al. 2020

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

Building network-connected programs and distributed systems is a powerful way to provide scalability and availability in a digital, always-connected era. However, with great power comes great complexity. Reasoning about distributed systems is well-known to be difficult. In this paper we present Aneris, a novel framework based on separation logic supporting modular, node-local reasoning about concurrent and distributed systems. The logic is higher-order, concurrent, with higherorder store and network sockets, and is fully mechanized in the Coq proof assistant. We use our framework to verify an implementation of a load balancer that uses multi-threading to distribute load amongst multiple servers and an implementation of the two-phase-commit protocol with a replicated logging service as a client. The two examples certify that Aneris is well-suited for both horizontal and vertical modular reasoning.

show abstract

Section: Local and Thread-local Reasoningmentioning

confidence: 99%

Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems

Krogh-Jespersen

Timany

Ohlenbusch

et al. 2020

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Iris is a language-generic framework for higher-order concurrent separation logic [Jung et al 2016[Jung et al , 2017b[Jung et al , 2015, which in the past year has been equipped with tactical support for conducting machine-checked proofs of programs in Coq ] and deployed in several ongoing verification projects [Kaiser et al 2017;Swasey et al 2017;Tassarotti et al 2017;Timany et al 2018]. By virtue of being a separation logic [O'Hearn 2007;Reynolds 2002], Iris comes with built-in support for reasoning modularly about ownership.…”

Section: Rustbelt: An Extensible Semantic Approach To Proving Soundnmentioning

confidence: 99%

RustBelt: securing the foundations of the Rust programming language

Jung

Jourdan

Krebbers

et al. 2017

Proc. ACM Program. Lang.

241

170

View full text Add to dashboard Cite

Rust is a new systems programming language that promises to overcome the seemingly fundamental tradeoff between high-level safety guarantees and low-level control over resource management. Unfortunately, none of Rust's safety claims have been formally proven, and there is good reason to question whether they actually hold. Specifically, Rust employs a strong, ownership-based type system, but then extends the expressive power of this core type system through libraries that internally use unsafe features. In this paper, we give the first formal (and machine-checked) safety proof for a language representing a realistic subset of Rust. Our proof is extensible in the sense that, for each new Rust library that uses unsafe features, we can say what verification condition it must satisfy in order for it to be deemed a safe extension to the language. We have carried out this verification for some of the most important libraries that are used throughout the Rust ecosystem.

show abstract

“…It is challenging to construct logical relations for languages with higher-order store because of the so-called type-world circularity [Ahmed 2004;Ahmed et al 2002;. The logic of Iris is rich enough to allow for a direct inductive specification of the logical relations for programming languages with advanced features such as higher-order references, recursive types, and concurrency [Krebbers et al 2017b;Krogh-Jespersen et al 2017;Timany et al 2018].…”

Section: Logical Relationsmentioning

confidence: 99%

Mechanized relational verification of concurrent programs with continuations

Timany

Birkedal

2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Concurrent higher-order imperative programming languages with continuations are very flexible and allow for the implementation of sophisticated programming patterns. For instance, it is well known that continuations can be used to implement cooperative concurrency. Continuations can also simplify web server implementations. This, in particular, helps simplify keeping track of the state of server's clients. However, such advanced programming languages are very challenging to reason about. One of the main challenges in reasoning about programs in the presence of continuations is due to the fact that the non-local flow of control breaks the bind rule, one of the important modular reasoning principles of Hoare logic. In this paper we present the first completely formalized tool for interactive mechanized relational verification of programs written in a concurrent higher-order imperative programming language with continuations (call/cc and throw). We develop novel logical relations which can be used to give mechanized proofs of relational properties. In particular, we prove correctness of an implementation of cooperative concurrency with continuations. In addition, we show that that a rudimentary web server implemented using the continuationbased pattern is contextually equivalent to one implemented without the continuation-based pattern. We introduce context-local reasoning principles for our calculus which allows us to regain modular reasoning principles for the fragment of the language without non-local control flow. These novel reasoning principles can be used in tandem with our (non-context-local) Hoare logic for reasoning about programs that do feature non-local control flow. Indeed, we use the combination of context-local and non-context-local reasoning to simplify reasoning about the examples.

show abstract

A logical relation for monadic encapsulation of state: proving contextual equivalences in the presence of runST

Cited by 41 publications

References 25 publications

Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems

Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems

RustBelt: securing the foundations of the Rust programming language

Mechanized relational verification of concurrent programs with continuations

Contact Info

Product

Resources

About