Specifying I/O using abstract nested hoare triples in separation logic

Penninckx, Willem; Timany, Amin; Jacobs, Bart

doi:10.1145/3340672.3341118

Cited by 4 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For specifying the safety properties of the I/O behavior, we apply our earlier work [9,8,7]: we use abstract nested Hoare triples in separation logic [11]. For example, a specification for the program send("Hello"); send("world!")…”

Section: Safetymentioning

confidence: 99%

“…For a discussion of related work on verifying safety of I/O behavior and on verifying program termination, we refer to our earlier work [9,5].…”

Section: Related Workmentioning

confidence: 99%

“…For specifying the safety properties of the I/O behavior, we apply our earlier work [9,8,7] on abstract nested Hoare triples in separation logic [11]. For specifying liveness properties, we build on earlier work [5] on verification of basic liveness.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Modular Verification of Liveness Properties of the I/O Behavior of Imperative Programs

Jacobs

2020

Leveraging Applications of Formal Methods, Verification and Validation: Verification Principles

Self Cite

View full text Add to dashboard Cite

One way of verifying systems whose components interact by exchanging messages, such as distributed systems or certain types of concurrent systems, is by defining a protocol that governs the communication between the components and then verifying that each component's input and output (I/O) actions comply with its role in the protocol. In this paper, we propose a separation logic-based approach for specifying and verifying liveness properties of the I/O behavior of such components implemented as imperative programs, such as the property that a server eventually responds to each request. Our approach builds on earlier work for specifying safety properties of the I/O behavior of programs in separation logic by means of abstract nested Hoare triples, and encodes a liveness property verification problem into a termination verification problem by specifying that some appropriately chosen I/O operation (for example, the response to the N 'th request, for some unknown but fixed N ) will cause the program to terminate.

show abstract

Section: Safetymentioning

confidence: 99%

“…For a discussion of related work on verifying safety of I/O behavior and on verifying program termination, we refer to our earlier work [9,5].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Modular Verification of Liveness Properties of the I/O Behavior of Imperative Programs

Jacobs

2020

Leveraging Applications of Formal Methods, Verification and Validation: Verification Principles

Self Cite

View full text Add to dashboard Cite

show abstract

“…Since we introduced prophecy variables into Iris, they have already been put to good use. Penninckx et al [2019] use them for giving abstract specifications of I/O behavior. In a paper appearing alongside ours in the present issue of PACMPL, de Vilhena et al [2020] use them in an essential way in verifying a łlocal generic solverž in Iris.…”

Section: Related and Future Workmentioning

confidence: 99%

The future is ours: prophecy variables in separation logic

Jung

Lepigre

Guturu

et al. 2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Early in the development of Hoare logic, Owicki and Gries introduced auxiliary variables as a way of encoding information about the history of a program's execution that is useful for verifying its correctness. Over a decade later, Abadi and Lamport observed that it is sometimes also necessary to know in advance what a program will do in the future. To address this need, they proposed prophecy variables, originally as a proof technique for refinement mappings between state machines. However, despite the fact that prophecy variables are a clearly useful reasoning mechanism, there is (surprisingly) almost no work that attempts to integrate them into Hoare logic. In this paper, we present the first account of prophecy variables in a Hoare-style program logic that is flexible enough to verify logical atomicity (a relative of linearizability) for classic examples from the concurrency literature like RDCSS and the Herlihy-Wing queue. Our account is formalized in the Iris framework for separation logic in Coq. It makes essential use of ownership to encode the exclusive right to resolve a prophecy, which in turn lets us enforce soundness of prophecies with a very simple set of proof rules.

show abstract