Refinement-Based Game Semantics for Certified Abstraction Layers

Published: 08 July 2020

Abstract

Formal methods have advanced to the point where the functional correctness of various large system components has been mechanically verified. However, the diversity of semantic models used across projects makes it difficult to connect these components to build larger certified systems. Given this, we seek to embed these models and proofs into a general-purpose framework where they could interact. We believe that a synthesis of game semantics, the refinement calculus, and algebraic effects can provide such a framework.
To combine game semantics and refinement, we replace the downset completion typically used to construct strategies from posets of plays. Using the free completely distributive completion, we construct strategy specifications equipped with arbitrary angelic and demonic choices and ordered by a generalization of alternating refinement. This provides a novel approach to nondeterminism in game semantics.
Connecting algebraic effects and game semantics, we interpret effect signatures as games and define two categories of effect signatures and strategy specifications. The resulting models are sufficient to represent the behaviors of a variety of low-level components, including the certified abstraction layers used to verify the operating system kernel CertiKOS.



Published In

LICS '20: Proceedings of the 35th Annual ACM/IEEE Symposium on Logic in Computer Science, July 2020, 986 pages. ISBN: 9781450371049. DOI: 10.1145/3373718

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. algebraic effects
  2. certified abstraction layers
  3. dual nondeterminism
  4. game semantics
  5. interaction specification
  6. program refinement
  7. strategy specification

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Acceptance Rates

LICS '20 Paper Acceptance Rate 69 of 174 submissions, 40%;
Overall Acceptance Rate 215 of 622 submissions, 35%


Cited By

  • (2024) Compositionality and Observational Refinement for Linearizability with Crashes. Proceedings of the ACM on Programming Languages 8(OOPSLA2), 2296-2324. DOI: 10.1145/3689792. Online publication date: 8-Oct-2024
  • (2024) Refinement Composition Logic. Proceedings of the ACM on Programming Languages 8(ICFP), 573-601. DOI: 10.1145/3674645. Online publication date: 15-Aug-2024
  • (2024) A Compositional Theory of Linearizability. Journal of the ACM 71(2), 1-107. DOI: 10.1145/3643668. Online publication date: 27-Jan-2024
  • (2023) Stuttering for Free. Proceedings of the ACM on Programming Languages 7(OOPSLA2), 1677-1704. DOI: 10.1145/3622857. Online publication date: 16-Oct-2023
  • (2023) Survey of the Formal Verification of Operating Systems in Power Monitoring System. Proceedings of the 2023 5th International Conference on Pattern Recognition and Intelligent Systems, 65-70. DOI: 10.1145/3609703.3609714. Online publication date: 28-Jul-2023
  • (2023) Choice Trees: Representing Nondeterministic, Recursive, and Impure Programs in Coq. Proceedings of the ACM on Programming Languages 7(POPL), 1770-1800. DOI: 10.1145/3571254. Online publication date: 9-Jan-2023
  • (2023) Conditional Contextual Refinement. Proceedings of the ACM on Programming Languages 7(POPL), 1121-1151. DOI: 10.1145/3571232. Online publication date: 9-Jan-2023
  • (2023) A Compositional Theory of Linearizability. Proceedings of the ACM on Programming Languages 7(POPL), 1089-1120. DOI: 10.1145/3571231. Online publication date: 9-Jan-2023
  • (2022) Grounding Game Semantics in Categorical Algebra. Electronic Proceedings in Theoretical Computer Science 372, 368-383. DOI: 10.4204/EPTCS.372.26. Online publication date: 3-Nov-2022
  • (2022) Layered and object-based game semantics. Proceedings of the ACM on Programming Languages 6(POPL), 1-32. DOI: 10.1145/3498703. Online publication date: 12-Jan-2022
