research-article
Open access

Mechanised Hypersafety Proofs about Structured Data

Published: 20 June 2024

Abstract

Arrays are a fundamental abstraction to represent collections of data. It is often possible to exploit structural properties of the data stored in an array (e.g., repetition or sparsity) to develop a specialised representation optimised for space efficiency. Formally reasoning about correctness of manipulations with such structured data is challenging, as they are often composed of multiple loops with non-trivial invariants. In this work, we observe that specifications for structured data manipulations can be phrased as hypersafety properties, i.e., predicates that relate traces of k programs. To turn this observation into an effective verification methodology, we developed the Logic for Graceful Tensor Manipulation (LGTM), a new Hoare-style relational separation logic for specifying and verifying computations over structured data. The key enabling idea of LGTM is that of parametrised hypersafety specifications that allow the number k of the program components to depend on the program variables. We implemented LGTM as a foundational embedding into Coq, mechanising its rules, meta-theory, and the proof of soundness. Furthermore, we developed a library of domain-specific tactics that automate computer-aided hypersafety reasoning, resulting in pleasantly short proof scripts that enjoy a high degree of reuse. We argue for the effectiveness of relational reasoning about structured data in LGTM by specifying and mechanically proving correctness of 13 case studies including computations on compressed arrays and efficient operations over multiple kinds of sparse tensors.
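As an added illustration (not the paper's own LGTM or Coq development; the helper names, the representation invariant and the sample matrix are ours), the Python below phrases the correctness of a sparse matrix-vector product over the standard CSR layout as the two kinds of hypersafety property the abstract mentions: a 2-safety relation between the dense program and the compressed program, and a parametrised k-safety relation in which k equals the number of matrix rows, with one program component per row loop and a single predicate relating all k traces to the dense matrix.

```python
"""Constructed example: correctness of a CSR matrix-vector product written as
hypersafety properties (not the paper's LGTM/Coq code).

  * 2-safety: dense_matvec and csr_matvec agree on inputs related by the
    representation invariant `represents`.
  * parametrised k-safety: the sparse loop is split into k = number-of-rows
    components, one per row, and the spec relates all k traces at once.
Integer entries are used so that the comparison is exact.
"""
from typing import List, Tuple

Dense = List[List[int]]
Csr = Tuple[List[int], List[int], List[int]]   # (row_ptr, col_idx, vals)
Trace = Tuple[List[Tuple[int, int]], int]      # (accessed (col, val) pairs, result)

# Constructed sample input: a 3x4 matrix with structural zeros and a vector.
SAMPLE_DENSE: Dense = [[5, 0, 0, 2],
                       [0, 0, 0, 0],
                       [0, 3, 4, 0]]
SAMPLE_X = [1, 2, 3, 4]


def to_csr(dense: Dense) -> Csr:
    """Compress a row-major matrix into CSR, dropping all zero entries."""
    row_ptr, col_idx, vals = [0], [], []
    for row in dense:
        for j, v in enumerate(row):
            if v != 0:
                col_idx.append(j)
                vals.append(v)
        row_ptr.append(len(vals))
    return row_ptr, col_idx, vals


def represents(csr: Csr, dense: Dense) -> bool:
    """Representation invariant: the CSR triple denotes exactly `dense`.
    Rejects malformed row pointers, out-of-range or duplicate columns."""
    row_ptr, col_idx, vals = csr
    n_rows, n_cols = len(dense), len(dense[0])
    if len(row_ptr) != n_rows + 1 or row_ptr[0] != 0 or row_ptr[-1] != len(vals):
        return False
    rebuilt = [[0] * n_cols for _ in range(n_rows)]
    for i in range(n_rows):
        if row_ptr[i] > row_ptr[i + 1]:
            return False
        seen = set()
        for p in range(row_ptr[i], row_ptr[i + 1]):
            j = col_idx[p]
            if not 0 <= j < n_cols or j in seen:
                return False
            seen.add(j)
            rebuilt[i][j] = vals[p]
    return rebuilt == dense


def dense_matvec(dense: Dense, x: List[int]) -> List[int]:
    """Reference program: plain dense matrix-vector product."""
    return [sum(a * b for a, b in zip(row, x)) for row in dense]


def csr_row_component(csr: Csr, i: int, x: List[int]) -> Trace:
    """Component i of the parametrised spec: one row's dot product over CSR,
    recording which (column, value) pairs it touched."""
    row_ptr, col_idx, vals = csr
    accesses, acc = [], 0
    for p in range(row_ptr[i], row_ptr[i + 1]):
        accesses.append((col_idx[p], vals[p]))
        acc += vals[p] * x[col_idx[p]]
    return accesses, acc


def csr_matvec(csr: Csr, x: List[int]) -> List[int]:
    """Compressed program: the k row components run in sequence."""
    return [csr_row_component(csr, i, x)[1] for i in range(len(csr[0]) - 1)]


def two_safety_holds(dense: Dense, csr: Csr, x: List[int]) -> bool:
    """2-safety: inputs related by `represents` yield equal outputs."""
    return (not represents(csr, dense)) or dense_matvec(dense, x) == csr_matvec(csr, x)


def parametrised_safety_holds(dense: Dense, csr: Csr, x: List[int]) -> bool:
    """k-safety with k = number of rows: run the k row components and relate
    all their traces to the dense matrix at once. Each component must touch
    exactly the nonzeros of its row and compute that row's dot product."""
    if not represents(csr, dense):
        return True
    expected = dense_matvec(dense, x)
    for i, row in enumerate(dense):
        accesses, result = csr_row_component(csr, i, x)
        nonzeros = [(j, v) for j, v in enumerate(row) if v != 0]
        if sorted(accesses) != nonzeros or result != expected[i]:
            return False
    return True


if __name__ == "__main__":
    csr = to_csr(SAMPLE_DENSE)
    print("2-safety:", two_safety_holds(SAMPLE_DENSE, csr, SAMPLE_X))
    print("parametrised k-safety:", parametrised_safety_holds(SAMPLE_DENSE, csr, SAMPLE_X))
```

The point of the per-row decomposition is that the invariant for the whole sparse loop never has to be stated: each component's obligation is local to one row, and the k-ary relation (here checked by running the components, in the paper proved once for all inputs) is what ties them back to the dense specification.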


Published In

Proceedings of the ACM on Programming Languages, Volume 8, Issue PLDI
June 2024
2198 pages
EISSN: 2475-1421
DOI: 10.1145/3554317
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 June 2024
Published in PACMPL Volume 8, Issue PLDI


Author Tags

  1. mechanised proofs
  2. relational logic
  3. sparse data structures

Qualifiers

  • Research-article

Funding Sources

  • Singapore Ministry of Education
