research-article

Open access

Steel: proof-oriented programming in a dependently typed concurrent separation logic

Authors:

Aymeric Fromherz,

Guido Martínez,

Denis Merigoux,

Tahina RamananandroAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 5, Issue ICFP

Article No.: 85, Pages 1 - 30

https://doi.org/10.1145/3473590

Published: 19 August 2021 Publication History

Abstract

Steel is a language for developing and proving concurrent programs embedded in F^⋆, a dependently typed programming language and proof assistant. Based on SteelCore, a concurrent separation logic (CSL) formalized in F^⋆, our work focuses on exposing the proof rules of the logic in a form that enables programs and proofs to be effectively co-developed.

Our main contributions include a new formulation of a Hoare logic of quintuples involving both separation logic and first-order logic, enabling efficient verification condition (VC) generation and proof discharge using a combination of tactics and SMT solving. We relate the VCs produced by our quintuple system to solving a system of associativity-commutativity (AC) unification constraints and develop tactics to (partially) solve these constraints using AC-matching modulo SMT-dischargeable equations.

Our system is fully mechanized and implemented in F^⋆. We evaluate it by developing several verified programs and libraries, including various sequential and concurrent linked data structures, proof libraries, and a library for 2-party session types. Our experience leads us to conclude that our system enables a mixture of automated and interactive proof, making it productive to build programs foundationally verified against a highly expressive, state-of-the-art CSL.

Supplementary Material

Auxiliary Presentation Video (icfp21main-p127-p-video.mp4)

This is a presentation video of the ICFP 21 talk about the paper "Steel: Proof-Oriented Programming in a Dependently Typed Concurrent Separation Logic"

Download
25.19 MB

MP4 File (3473590.mp4)

Presentation Videos

Download
25.88 MB

References

[1]

Andrew W. Appel. 2011. Verified Software Toolchain. In Proceedings of the 20th European Conference on Programming Languages and Systems: Part of the Joint European Conferences on Theory and Practice of Software (ESOP’11/ETAPS’11). Springer-Verlag, Berlin, Heidelberg. 1–17. isbn:9783642197178

Digital Library

[2]

Josh Berdine, Cristiano Calcagno, and Peter W. O’hearn. 2005. Smallfoot: Modular automatic assertion checking with separation logic. In In International Symposium on Formal Methods for Components and Objects. Springer, 115–137.

[3]

Edwin Brady. 2016. Type-driven Development With Idris. Manning. isbn:9781617293023 http://www.worldcat.org/isbn/9781617293023

[4]

James Brotherston, Nikos Gorogiannis, and Rasmus L. Petersen. 2012. A Generic Cyclic Theorem Prover. In Programming Languages and Systems, Ranjit Jhala and Atsushi Igarashi (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 350–367.

[5]

Arthur Charguéraud. 2011. Characteristic Formulae for the Verification of Imperative Programs. In Proceedings of the 16th ACM SIGPLAN International Conference on Functional Programming (ICFP ’11). ACM, New York, NY, USA. 418–430. isbn:978-1-4503-0865-6 https://doi.org/10.1145/2034773.2034828

Digital Library

[6]

Adam Chlipala. 2011. Mostly-Automated Verification of Low-Level Programs in Computational Separation Logic. Association for Computing Machinery, New York, NY, USA. isbn:9781450306638 https://doi.org/10.1145/1993498.1993526

Digital Library

[7]

Leonardo Mendonça de Moura and Nikolaj Bjørner. 2008. Z3: An Efficient SMT Solver. In 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS (Lecture Notes in Computer Science, Vol. 4963). Springer, 337–340. isbn:978-3-540-78799-0 https://doi.org/10.1007/978-3-540-78800-3_24

[8]

Gabriel Ebner, Sebastian Ullrich, Jared Roesch, Jeremy Avigad, and Leonardo de Moura. 2017. A Metaprogramming Framework for Formal Verification. Proc. ACM Program. Lang., 1, ICFP (2017), Article 34, Aug., 29 pages. https://doi.org/10.1145/3110278

Digital Library

[9]

François Fages. 1984. Associative-Commutative Unification. In 7th International Conference on Automated Deduction, R. E. Shostak (Ed.). Springer New York, New York, NY. 194–208.

[10]

Georges Gonthier, Assia Mahboubi, and Enrico Tassi. 2016. A Small Scale Reflection Extension for the Coq system. Inria Saclay Ile de France. https://hal.inria.fr/inria-00258384

[11]

Jonas Kastberg Hinrichsen, Jesper Bengtson, and Robbert Krebbers. 2019. Actris: Session-Type Based Reasoning in Separation Logic. Proc. ACM Program. Lang., 4, POPL (2019), Article 6, Dec., 30 pages. https://doi.org/10.1145/3371074

Digital Library

[12]

Aquinas Hobor and Jules Villard. 2013. The Ramifications of Sharing in Data Structures. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’13). Association for Computing Machinery, New York, NY, USA. 523–536. isbn:9781450318327 https://doi.org/10.1145/2429069.2429131

Digital Library

[13]

Radu Iosif, Adam Rogalewicz, and Tomáš Vojnar. 2014. Deciding Entailments in Inductive Separation Logic with Tree Automata. In Automated Technology for Verification and Analysis, Franck Cassez and Jean-François Raskin (Eds.). Springer International Publishing, Cham. 201–218.

[14]

Samin S. Ishtiaq and Peter W. O’Hearn. 2001. BI as an Assertion Language for Mutable Data Structures. In Conference Record of POPL 2001: The 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, London, UK, January 17-19, 2001, Chris Hankin and Dave Schmidt (Eds.). ACM, 14–26. isbn:1-58113-336-7 http://dl.acm.org/citation.cfm?id=360204

[15]

Bart Jacobs, Jan Smans, Pieter Philippaerts, Frédéric Vogels, Willem Penninckx, and Frank Piessens. 2011. VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java. In NASA Formal Methods.

[16]

Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. J. Funct. Program., 28 (2018), e20. https://doi.org/10.1017/S0956796818000151

[17]

Deepak Kapur and Paliath Narendran. 1987. Matching, Unification and Complexity. SIGSAM Bull., 21, 4 (1987), Nov., 6–9. issn:0163-5824 https://doi.org/10.1145/36330.36332

Digital Library

[18]

K. Rustan M. Leino. 2010. Dafny: An Automatic Program Verifier for Functional Correctness. In Proceedings of the 16th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR’10). Springer-Verlag, Berlin, Heidelberg. 348–370. isbn:3-642-17510-4, 978-3-642-17510-7 http://dl.acm.org/citation.cfm?id=1939141.1939161

Digital Library

[19]

K. Rustan M. Leino and Michał Moskal. 2010. Usable Auto-Active Verification.

[20]

K. R. M. Leino, P. Müller, and J. Smans. 2009. Verification of Concurrent Programs with Chalice. In Foundations of Security Analysis and Design V, A. Aldini, G. Barthe, and R. Gorrieri (Eds.) (Lecture Notes in Computer Science, Vol. 5705). Springer-Verlag, 195–222.

[21]

Guido Martínez, Danel Ahman, Victor Dumitrescu, Nick Giannarakis, Chris Hawblitzel, Cătălin Hriţcu, Monal Narasimhamurthy, Zoe Paraskevopoulou, Clément Pit-Claudel, Jonathan Protzenko, Tahina Ramananandro, Aseem Rastogi, and Nikhil Swamy. 2019. Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms. In 28th European Symposium on Programming (ESOP). Springer, 30–59. https://doi.org/10.1007/978-3-030-17184-1_2

[22]

Maged M. Michael and Michael L. Scott. 1996. Simple, Fast, and Practical Non-Blocking and Blocking Concurrent Queue Algorithms. In Proceedings of the Fifteenth Annual ACM Symposium on Principles of Distributed Computing (PODC ’96). Association for Computing Machinery, New York, NY, USA. 267–275. isbn:0897918002 https://doi.org/10.1145/248052.248106

Digital Library

[23]

P. Müller, M. Schwerhoff, and A. J. Summers. 2016. Viper: A Verification Infrastructure for Permission-Based Reasoning. In Verification, Model Checking, and Abstract Interpretation (VMCAI), B. Jobstmann and K. R. M. Leino (Eds.) (LNCS, Vol. 9583). Springer-Verlag, 41–62.

[24]

Aleksandar Nanevski, Anindya Banerjee, Germán Andrés Delbianco, and Ignacio Fábregas. 2019. Specifying concurrent programs in separation logic: morphisms and simulations. PACMPL, 3, OOPSLA (2019), 161:1–161:30. https://doi.org/10.1145/3360587

Digital Library

[25]

Aleksandar Nanevski, J. Gregory Morrisett, and Lars Birkedal. 2008. Hoare type theory, polymorphism and separation. J. Funct. Program., 18, 5-6 (2008), 865–911. http://ynot.cs.harvard.edu/papers/jfpsep07.pdf

Digital Library

[26]

Greg Nelson and Derek C. Oppen. 1979. Simplification by Cooperating Decision Procedures. ACM Trans. Program. Lang. Syst., 1, 2 (1979), Oct., 245–257. issn:0164-0925 https://doi.org/10.1145/357073.357079

Digital Library

[27]

Peter W. O’Hearn. 2004. Resources, Concurrency and Local Reasoning. In CONCUR 2004 - Concurrency Theory, Philippa Gardner and Nobuko Yoshida (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 49–67. isbn:978-3-540-28644-8

[28]

Susan Owicki and David Gries. 1976. Verifying Properties of Parallel Programs: An Axiomatic Approach. Commun. ACM.

[29]

M. J. Parkinson and A. J. Summers. 2012. The Relationship Between Separation Logic and Implicit Dynamic Frames. Logical Methods in Computer Science, 8, 3:01 (2012), 1–54.

[30]

Aseem Rastogi, Guido Martínez, Aymeric Fromherz, Tahina Ramananandro, and Nikhil Swamy. 2020. Layered Indexed Effects: Foundations and Applications of Effectful Dependently Typed Programming. https://www.fstar-lang.org/papers/layeredeffects/ In submission.

[31]

John C. Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS ’02). IEEE Computer Society, USA. 55–74. isbn:0769514839

Digital Library

[32]

M. Sammler, R. Lepigre, R. Krebbers, K. Memarian, D. Dreyer, and D. Garg. 2021. RefinedC: Automating the Foundational Verification of C Code with Refined Ownership Types. In to appear in Programming Languages Design and Implementation (PLDI). ACM.

[33]

Nikhil Swamy, Cătălin Hriţcu, Chantal Keller, Aseem Rastogi, Antoine Delignat-Lavaud, Simon Forest, Karthikeyan Bhargavan, Cédric Fournet, Pierre-Yves Strub, Markulf Kohlweiss, Jean-Karim Zinzindohoué, and Santiago Zanella-Béguelin. 2016. Dependent Types and Multi-Monadic Effects in F*. In 43rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL). ACM, 256–270. isbn:978-1-4503-3549-2 https://www.fstar-lang.org/papers/mumon/

Digital Library

[34]

Nikhil Swamy, Aseem Rastogi, Aymeric Fromherz, Denis Merigoux, Danel Ahman, and Guido Martínez. 2020. SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependently Typed Programs. Proc. ACM Program. Lang., 4, ICFP (2020), Article 121, Aug., 30 pages. https://doi.org/10.1145/3409003

Digital Library

[35]

Nikhil Swamy, Joel Weinberger, Cole Schlesinger, Juan Chen, and Benjamin Livshits. 2013. Verifying Higher-order Programs with the Dijkstra Monad. In Proceedings of the 34th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI ’13). 387–398. https://www.microsoft.com/en-us/research/publication/verifying-higher-order-programs-with-the-dijkstra-monad/

Digital Library

[36]

Simon Friis Vindum and Lars Birkedal. 2021. Contextual Refinement of the Michael-Scott Queue (Proof Pearl). In Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP 2021). Association for Computing Machinery, New York, NY, USA. 76–90. isbn:9781450382991 https://doi.org/10.1145/3437992.3439930

Digital Library

[37]

Hongseok Yang, Oukseh Lee, Josh Berdine, Cristiano Calcagno, Byron Cook, and Dino Distefano. 2008. Scalable shape analysis for systems code. In In CAV.

Cited By

Dardinier TSammler MParthasarathy GSummers AMüller P(2025)Formal Foundations for Translational Separation Logic VerifiersProceedings of the ACM on Programming Languages10.1145/37048569:POPL(569-599)Online publication date: 9-Jan-2025
https://doi.org/10.1145/3704856
Reitz AFromherz AProtzenko J(2024)StarMalloc: Verifying a Modern, Hardened Memory AllocatorProceedings of the ACM on Programming Languages10.1145/36897738:OOPSLA2(1757-1786)Online publication date: 8-Oct-2024
https://doi.org/10.1145/3689773
Andrici CCiobâcă ȘHriţcu CMartínez GRivas ETanter ÉWinterhalter T(2024)Securing Verified IO Programs Against Unverified Code in F*Proceedings of the ACM on Programming Languages10.1145/36329168:POPL(2226-2259)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632916
Show More Cited By

Index Terms

Steel: proof-oriented programming in a dependently typed concurrent separation logic
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
2. Theory of computation
  1. Logic
    1. Separation logic
  2. Semantics and reasoning
    1. Program reasoning
      1. Program verification

Recommendations

SteelCore: an extensible concurrent separation logic for effectful dependently typed programs

Much recent research has been devoted to modeling effects within type theory. Building on this work, we observe that effectful type theories can provide a foundation on which to build semantics for more complex programming constructs and program logics, ...
Interactive proofs in higher-order concurrent separation logic
POPL '17

When using a proof assistant to reason in an embedded logic -- like separation logic -- one cannot benefit from the proof contexts and basic tactics of the proof assistant. This results in proofs that are at a too low level of abstraction because they ...
Interactive proofs in higher-order concurrent separation logic
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages

When using a proof assistant to reason in an embedded logic -- like separation logic -- one cannot benefit from the proof contexts and basic tactics of the proof assistant. This results in proofs that are at a too low level of abstraction because they ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 5, Issue ICFP

August 2021

1011 pages

EISSN:2475-1421

DOI:10.1145/3482883

Issue’s Table of Contents

Copyright © 2021 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 August 2021

Published in PACMPL Volume 5, Issue ICFP

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
801
Total Downloads

Downloads (Last 12 months)236
Downloads (Last 6 weeks)36

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Dardinier TSammler MParthasarathy GSummers AMüller P(2025)Formal Foundations for Translational Separation Logic VerifiersProceedings of the ACM on Programming Languages10.1145/37048569:POPL(569-599)Online publication date: 9-Jan-2025
https://doi.org/10.1145/3704856
Reitz AFromherz AProtzenko J(2024)StarMalloc: Verifying a Modern, Hardened Memory AllocatorProceedings of the ACM on Programming Languages10.1145/36897738:OOPSLA2(1757-1786)Online publication date: 8-Oct-2024
https://doi.org/10.1145/3689773
Andrici CCiobâcă ȘHriţcu CMartínez GRivas ETanter ÉWinterhalter T(2024)Securing Verified IO Programs Against Unverified Code in F*Proceedings of the ACM on Programming Languages10.1145/36329168:POPL(2226-2259)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632916
Eilers MSchwerhoff MMüller P(2024)Verification Algorithms for Automated Separation Logic VerifiersComputer Aided Verification10.1007/978-3-031-65627-9_18(362-386)Online publication date: 26-Jul-2024
https://doi.org/10.1007/978-3-031-65627-9_18
Ho SFromherz AProtzenko J(2023)Modularity, Code Specialization, and Zero-Cost Abstractions for Program VerificationProceedings of the ACM on Programming Languages10.1145/36078447:ICFP(385-416)Online publication date: 31-Aug-2023
https://dl.acm.org/doi/10.1145/3607844
Dardinier TParthasarathy GMüller P(2023)Verification-Preserving Inlining in Automatic Separation Logic VerifiersProceedings of the ACM on Programming Languages10.1145/35860547:OOPSLA1(789-818)Online publication date: 6-Apr-2023
https://dl.acm.org/doi/10.1145/3586054
Lattuada AHance TCho CBrun MSubasinghe IZhou YHowell JParno BHawblitzel C(2023)Verus: Verifying Rust Programs using Linear Ghost TypesProceedings of the ACM on Programming Languages10.1145/35860377:OOPSLA1(286-315)Online publication date: 6-Apr-2023
https://dl.acm.org/doi/10.1145/3586037
Spies SGäher LTassarotti JJung RKrebbers RBirkedal LDreyer D(2022)Later credits: resourceful reasoning for the later modalityProceedings of the ACM on Programming Languages10.1145/35476316:ICFP(283-311)Online publication date: 31-Aug-2022
https://dl.acm.org/doi/10.1145/3547631

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents