The Essence of Higher-Order Concurrent Separation Logic

Krebbers, Robbert; Jung, Ralf; Bizjak, Aleš; Jourdan, Jacques-Henri; Dreyer, Derek; Birkedal, Lars

doi:10.1007/978-3-662-54434-1_26

Cited by 86 publications

(105 citation statements)

References 38 publications

Supporting

Mentioning

104

Contrasting

Order By: Relevance

“…Higher-order concurrent separation logic [Jung et al 2015;Krebbers et al 2017] can express ghost state within the assertion language of the logic itself. This feature can be used to eliminate the restriction of RGSep[FI] that the semantics of the flow interface predicates is defined on the meta level and that it does not support nesting of flow interface abstractions (i.e., cases where a node of a flow graph should abstract from another flow graph contained in the node).…”

Section: Related Workmentioning

confidence: 99%

Go with the flow: compositional abstractions for concurrent data structures

Krishna

Shasha

Wies

2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Concurrent separation logics have helped to significantly simplify correctness proofs for concurrent data structures. However, a recurring problem in such proofs is that data structure abstractions that work well in the sequential setting are much harder to reason about in a concurrent setting due to complex sharing and overlays. To solve this problem, we propose a novel approach to abstracting regions in the heap by encoding the data structure invariant into a local condition on each individual node. This condition may depend on a quantity associated with the node that is computed as a fixpoint over the entire heap graph. We refer to this quantity as a flow. Flows can encode both structural properties of the heap (e.g. the reachable nodes from the root form a tree) as well as data invariants (e.g. sortedness). We then introduce the notion of a flow interface, which expresses the relies and guarantees that a heap region imposes on its context to maintain the local flow invariant with respect to the global heap. Our main technical result is that this notion leads to a new semantic model of separation logic. In this model, flow interfaces provide a general abstraction mechanism for describing complex data structures. This abstraction mechanism admits proof rules that generalize over a wide variety of data structures. To demonstrate the versatility of our approach, we show how to extend the logic RGSep with flow interfaces. We have used this new logic to prove linearizability and memory safety of nontrivial concurrent data structures. In particular, we obtain parametric linearizability proofs for concurrent dictionary algorithms that abstract from the details of the underlying data structure representation. These proofs cannot be easily expressed using the abstraction mechanisms provided by existing separation logics.

show abstract

Section: Related Workmentioning

confidence: 99%

Go with the flow: compositional abstractions for concurrent data structures

Krishna

Shasha

Wies

2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…For reasons of space, we cannot explain all of Iris. We refer the reader to the Iris papers and manual [37,38,41, 59] for a full account. Instead, we will just describe some essential aspects needed to understand our extensions and examples.…”

Section: Background On Irismentioning

confidence: 99%

A separation logic for concurrent randomized programs

Tassarotti

Harper

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We present Polaris, a concurrent separation logic with support for probabilistic reasoning. As part of our logic, we extend the idea of coupling, which underlies recent work on probabilistic relational logics, to the setting of programs with both probabilistic and non-deterministic choice. To demonstrate Polaris, we verify a variant of a randomized concurrent counter algorithm and a two-level concurrent skip list. All of our results have been mechanized in Coq.1 Of course, a real scheduler is unlikely to behave in such an adversarial way. However, if the timing of operations can depend on random values, effects like this can arise even with non-adversarial schedulers, as discussed in §5. 2 However, it requires O (log 2 (n)) bits to store the count. Nevertheless, it uses less space than other alternatives for decreasing contention (e.g., having each thread maintain its own local counter).

show abstract

“…Technically, these works are based on "non-standard models" of SL, different from the heaplet model but instances of Pym's resource semantics as in Figure 2; see Pym et al 36 There are many such models, including ones incorporating read and other permissions, 7 auxiliary state, 39 time, 39 protocols, 29 and others. Abstract SL 13 showed how general program logic could be defined based on these models, and the works just mentioned and others showed that some of them had surprising ramifications.…”

Section: Abstraction and The Fiction Of Separationmentioning

confidence: 99%

Separation logic

O’Hearn

2019

Commun. ACM

View full text Add to dashboard Cite

key insights˽ Separation logic supports in-place updating of facts as we reason, in a way that mirrors in-place update of memory during execution, and this leads to logical proofs about imperative programs that match computational intuition.˽ Separation logic supports scalable reasoning by using an inference rule (the frame rule) that allows a proof to be localized to the resources that a program component accesses (its footprint).˽ Concurrent separation logic shows that modular reasoning about threads that share storage and other resources is possible.

show abstract

The Essence of Higher-Order Concurrent Separation Logic

Cited by 86 publications

References 38 publications

Go with the flow: compositional abstractions for concurrent data structures

Go with the flow: compositional abstractions for concurrent data structures

A separation logic for concurrent randomized programs

Separation logic

Contact Info

Product

Resources

About