ReLoC

Frumin, Dan; Krebbers, Robbert; Birkedal, Lars

doi:10.1145/3209108.3209174

Cited by 38 publications

(4 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Logical Relations. Logical relations have been studied extensively in the context of Iris, for type safety of type systems [22,27,34], program refinement [16,34,35,44,48], robust safety [43], and non-interference [17]. The most immediately related work in this area is the RustBelt project [27], which uses logical relations to prove type safety and dataracefreedom of a large subset of Rust and its standard libraries, focusing on Rust's lifetime and borrowing mechanism.…”

Section: Related Workmentioning

confidence: 99%

Machine-checked semantic session typing

Hinrichsen

Louwrink

Krebbers

et al. 2021

Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs

Self Cite

View full text Add to dashboard Cite

Session typesÐa family of type systems for message-passing concurrencyÐhave been subject to many extensions, where each extension comes with a separate proof of type safety. These extensions cannot be readily combined, and their proofs of type safety are generally not machine checked, making their correctness less trustworthy. We overcome these shortcomings with a semantic approach to binary asynchronous affine session types, by developing a logical relations model in Coq using the Iris program logic. We demonstrate the power of our approach by combining various forms of polymorphism and recursion, asynchronous subtyping, references, and locks/mutexes. As an additional benefit of the semantic approach, we demonstrate how to manually prove typing judgements of racy, but safe, programs that cannot be type checked using only the rules of the type system.

show abstract

Section: Related Workmentioning

confidence: 99%

Machine-checked semantic session typing

Hinrichsen

Louwrink

Krebbers

et al. 2021

Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs

Self Cite

View full text Add to dashboard Cite

show abstract

“…Linearizability. In a relational flavor of separation logics [Frumin et al 2018;Liang et al 2012;Turon et al 2013], and more generally, in the work on proving linearizability [Bouajjani et al 2017;Gu et al 2015Gu et al , 2018Henzinger et al 2013;Khyzha et al 2017;Liang and Feng 2013;Schellhorn et al 2012], the goal is to explicitly relate two programs, typically one concurrent, the other sequential. The sequential program then serves as a spec for the concurrent one, and can replace it in any larger context.…”

Section: Related Workmentioning

confidence: 99%

“…There exist many solutions to the problem, roughly divided into two kinds: linearizability [Herlihy and Wing 1990], or more generally contextual refinement [Filipović et al 2010a;Liang and Feng 2018;Liang et al 2014], and Concurrent Separation Logic (CSL) [Brookes 2007;O'Hearn 2007], and its many recent extensions to fine-grained (i.e., lock-free) concurrency [da Rocha Pinto et al 2014;Dinsdale-Young et al 2010;Jung et al 2015;Nanevski et al 2014;Svendsen and Birkedal 2014;Svendsen et al 2013]. More recently, some approaches [Frumin et al 2018;Turon et al 2013] employed variants of separation logic to establish linearizability and contextual refinement themselves, suggesting separation logic as a general-purpose method for reasoning about concurrent programs.…”

Section: Introductionmentioning

confidence: 99%

Specifying concurrent programs in separation logic: morphisms and simulations

Nanevski

Banerjee

Delbianco

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

In addition to pre-and postconditions, program specifications in recent separation logics for concurrency have employed an algebraic structure of resources-a form of state transition systems-to describe the state-based program invariants that must be preserved, and to record the permissible atomic changes to program state. In this paper we introduce a novel notion of resource morphism, i.e. structure-preserving function on resources, and show how to effectively integrate it into separation logic, using an associated notion of morphism-specific simulation. We apply morphisms and simulations to programs verified under one resource, to compositionally adapt them to operate under another resource, thus facilitating proof reuse. lock = do x ← CAS(r , false, true) while ¬x 1 The idea of bounding the interference is the foundation behind the classic rely-guarantee method [Jones 1983] as well. In fact, resources may be seen as structuring and compactly representing-in the form of transitions-the rely and guarantee relations of the rely-guarantee method. 2 The Compare-and-Set variant of CAS(r, a, b) [Herlihy and Shavit 2008] atomically sets the pointer r to b if r contains a, otherwise leaves r unchanged. It moreover returns a Boolean value denoting the success or failure of the operation.

show abstract

“…There has been a rich line of work on developing type systems and language safety properties using foundational methods [Ahmed 2006;Appel and McAllester 2001;Appel et al 2007;Frumin et al 2018;Jung et al 2017, etc.]. The foundational approach develops the typing rules of a language as theorems in an expressive logic.…”

Section: Soundnessmentioning

confidence: 99%

Fuzzi: a three-level logic for differential privacy

Zhang

Roth

Haeberlen

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Curators of sensitive datasets sometimes need to know whether queries against the data are differentially private [Dwork et al. 2006]. Two sorts of logics have been proposed for checking this property: (1) type systems and other static analyses, which fully automate straightforward reasoning with concepts like "program sensitivity" and "privacy loss, " and (2) full-blown program logics such as apRHL (an approximate, probabilistic, relational Hoare logic) [Barthe et al. 2016], which support more flexible reasoning about subtle privacypreserving algorithmic techniques but offer only minimal automation.We propose a three-level logic for differential privacy in an imperative setting and present a prototype implementation called Fuzzi. Fuzzi's lowest level is a general-purpose logic; its middle level is apRHL; and its top level is a novel sensitivity logic adapted from the linear-logic-inspired type system of Fuzz, a differentially private functional language [Reed and Pierce 2010]. The key novelty is a high degree of integration between the sensitivity logic and the two lower-level logics: the judgments and proofs of the sensitivity logic can be easily translated into apRHL; conversely, privacy properties of key algorithmic building blocks can be proved manually in apRHL and the base logic, then packaged up as typing rules that can be applied by a checker for the sensitivity logic to automatically construct privacy proofs for composite programs of arbitrary size.We demonstrate Fuzzi's utility by implementing four different private machine-learning algorithms and showing that Fuzzi's checker is able to derive tight sensitivity bounds.

show abstract

ReLoC

Cited by 38 publications

References 37 publications

Machine-checked semantic session typing

Machine-checked semantic session typing

Specifying concurrent programs in separation logic: morphisms and simulations

Fuzzi: a three-level logic for differential privacy

Contact Info

Product

Resources

About