research-article

Open access

SteelCore: an extensible concurrent separation logic for effectful dependently typed programs

Authors:

Aymeric Fromherz,

Denis Merigoux,

Guido MartínezAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 4, Issue ICFP

Article No.: 121, Pages 1 - 30

https://doi.org/10.1145/3409003

Published: 03 August 2020 Publication History

Abstract

Much recent research has been devoted to modeling effects within type theory. Building on this work, we observe that effectful type theories can provide a foundation on which to build semantics for more complex programming constructs and program logics, extending the reasoning principles that apply within the host effectful type theory itself.

Concretely, our main contribution is a semantics for concurrent separation logic (CSL) within the F^⋆ proof assistant in a manner that enables dependently typed, effectful F^⋆ programs to make use of concurrency and to be specified and verified using a full-featured, extensible CSL. In contrast to prior approaches, we directly derive the partial-correctness Hoare rules for CSL from the denotation of computations in the effectful semantics of non-deterministically interleaved atomic actions.

Demonstrating the flexibility of our semantics, we build generic, verified libraries that support various concurrency constructs, ranging from dynamically allocated, storable spin locks, to protocol-indexed channels. We conclude that our effectful semantics provides a simple yet expressive basis on which to layer domain-specific languages and logics for verified, concurrent programming.

Supplementary Material

Presentation at ICFP '20 (a121-swamy-presentation.mp4)

Download
82.12 MB

References

[1]

D. Ahman, C. Fournet, C. Hriţcu, K. Maillard, A. Rastogi, and N. Swamy. Recalling a witness: Foundations and applications of monotonic state. PACMPL, 2 (POPL): 65 : 1-65 : 30, 2018.

[2]

R. Atkey. Parameterised notions of computation. Journal of Functional Programming, 19 : 335-376, 2009.

[3]

R. Atkey and P. Johann. Interleaving data and efects. Journal of Functional Programming, 25, 2015.

[4]

C. Bach Poulsen, A. Rouvoet, A. Tolmach, R. Krebbers, and E. Visser. Intrinsically-typed definitional interpreters for imperative languages. Proc. ACM Program. Lang., 2(POPL), 2018.

Digital Library

[5]

J. Boyland. Checking interference with fractional permissions. In R. Cousot, editor, Static Analysis. 2003.

[6]

E. Brady. Programming and reasoning with algebraic efects and dependent types. In Proceedings of the 18th ACM SIGPLAN International Conference on Functional Programming. 2013.

Digital Library

[7]

S. Brookes. A semantics for concurrent separation logic. In P. Gardner and N. Yoshida, editors, CONCUR 2004-Concurrency Theory. 2004.

[8]

A. Buisse, L. Birkedal, and K. Støvring. Step-indexed kripke model of separation logic for storable locks. Electronic Notes in Theoretical Computer Science, 276 : 121-143, 2011. Twenty-seventh Conference on the Mathematical Foundations of Programming Semantics (MFPS XXVII).

[9]

T. Chajed, J. Tassarotti, M. F. Kaashoek, and N. Zeldovich. Verifying concurrent, crash-safe systems with perennial. In Proceedings of the 27th ACM Symposium on Operating Systems Principles. 2019.

Digital Library

[10]

T. Dinsdale-Young, L. Birkedal, P. Gardner, M. Parkinson, and H. Yang. Views: Compositional reasoning for concurrent programs. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. 2013.

Digital Library

[11]

M. Dodds, S. Jagannathan, M. J. Parkinson, K. Svendsen, and L. Birkedal. Verifying custom synchronization constructs using higher-order separation logic. ACM Trans. Program. Lang. Syst., 38 ( 2 ), 2016.

[12]

A. Filinski and K. Støvring. Inductive reasoning about efectful data types. In R. Hinze and N. Ramsey, editors, Proceedings of the 12th ACM SIGPLAN International Conference on Functional Programming, ICFP 2007, Freiburg, Germany, October 1-3, 2007. 2007.

Digital Library

[13]

C. S. Gordon, M. D. Ernst, and D. Grossman. Rely-guarantee references for refinement types over aliased mutable data. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation. 2013.

Digital Library

[14]

A. Gotsman, J. Berdine, B. Cook, N. Rinetzky, and M. Sagiv. Local reasoning for storable locks and threads. In Proceedings of the 5th Asian Conference on Programming Languages and Systems. 2007.

[15]

P. Hancock and A. Setzer. Interactive programs in dependent type theory. In P. G. Clote and H. Schwichtenberg, editors, Computer Science Logic. 2000.

[16]

J. K. Hinrichsen, J. Bengtson, and R. Krebbers. Actris: Session-type based reasoning in separation logic. Proc. ACM Program. Lang., 4(POPL), 2019.

[17]

A. Hobor, A. W. Appel, and F. Z. Nardelli. Oracle semantics for concurrent separation logic. In S. Drossopoulou, editor, Programming Languages and Systems, 17th European Symposium on Programming, ESOP 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings. 2008.

[18]

K. Honda, V. T. Vasconcelos, and M. Kubo. Language primitives and type discipline for structured communication-based programming. In C. Hankin, editor, Programming Languages and Systems. 1998.

[19]

J. B. Jensen and L. Birkedal. Fictional separation logic. In H. Seidl, editor, Programming Languages and Systems. 2012.

Digital Library

[20]

R. Jung, R. Krebbers, L. Birkedal, and D. Dreyer. Higher-order ghost state. In Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming. 2016.

Digital Library

[21]

R. Jung, J.-H. Jourdan, R. Krebbers, and D. Dreyer. Rustbelt: Securing the foundations of the rust programming language. Proc. ACM Program. Lang., 2(POPL), 2017.

[22]

R. Jung, R. Krebbers, J. Jourdan, A. Bizjak, L. Birkedal, and D. Dreyer. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. J. Funct. Program., 28 : e20, 2018.

[23]

O. Kiselyov and H. Ishii. Freer monads, more extensible efects. In Proceedings of the 2015 ACM SIGPLAN Symposium on Haskell. 2015.

Digital Library

[24]

R. Krebbers, A. Timany, and L. Birkedal. Interactive proofs in higher-order concurrent separation logic. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages. 2017.

Digital Library

[25]

M. Krogh-Jespersen, A. Timany, M. E. Ohlenbusch, S. O. Gregersen, and L. Birkedal. Aneris: A mechanised logic for modular reasoning about distributed systems. Submitted for publication, 2019.

[26]

G. Martínez, D. Ahman, V. Dumitrescu, N. Giannarakis, C. Hawblitzel, C. Hriţcu, M. Narasimhamurthy, Z. Paraskevopoulou, C. Pit-Claudel, J. Protzenko, T. Ramananandro, A. Rastogi, and N. Swamy. Meta-F* : Proof automation with SMT, tactics, and metaprograms. ESOP. 2019.

[27]

C. McBride. Kleisli arrows of outrageous fortune, 2011. Unpublished draft.

[28]

A. Nanevski, J. G. Morrisett, and L. Birkedal. Hoare type theory, polymorphism and separation. JFP, 18 ( 5-6 ): 865-911, 2008.

[29]

A. Nanevski, V. Vafeiadis, and J. Berdine. Structuring the verification of heap-manipulating programs. POPL. 2010.

[30]

A. Nanevski, R. Ley-Wild, I. Sergey, and G. A. Delbianco. Communicating state transition systems for fine-grained concurrent resources. In Programming Languages and Systems-23rd European Symposium on Programming, ESOP 2014, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2014, Grenoble, France, April 5-13, 2014, Proceedings, 2014.

Digital Library

[31]

A. Nanevski, A. Banerjee, G. A. Delbianco, and I. Fábregas. Specifying concurrent programs in separation logic: morphisms and simulations. PACMPL, 3 (OOPSLA): 161 : 1-161 : 30, 2019.

[32]

P. W. O'Hearn. Resources, concurrency and local reasoning. In P. Gardner and N. Yoshida, editors, CONCUR 2004-Concurrency Theory. 2004.

[33]

M. J. Parkinson and A. J. Summers. The relationship between separation logic and implicit dynamic frames. Logical Methods in Computer Science, 8 ( 3 :01): 1-54, 2012.

[34]

M. Piróg, T. Schrijvers, N. Wu, and M. Jaskeliof. Syntax and semantics for operations with scopes. In Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2018. 2018.

Digital Library

[35]

J. C. Reynolds. Separation logic: A logic for shared mutable data structures. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science. 2002.

[36]

A. Rouvoet, C. B. Poulsen, R. Krebbers, and E. Visser. Intrinsically-typed definitional interpreters for linear, session-typed languages. In J. Blanchette and C. Hritcu, editors, Proceedings of the 9th ACM SIGPLAN International Conference on Certified Programs and Proofs, CPP 2020, New Orleans, LA, USA, January 20-21, 2020. 2020.

Digital Library

[37]

I. Sergey, A. Nanevski, and A. Banerjee. Mechanized verification of fine-grained concurrent programs. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, Portland, OR, USA, June 15-17, 2015, 2015.

Digital Library

[38]

J. Smans, B. Jacobs, and F. Piessens. Implicit dynamic frames. ACM Trans. Program. Lang. Syst., 34 ( 1 ), 2012.

[39]

N. Swamy, J. Chen, C. Fournet, P. Strub, K. Bhargavan, and J. Yang. Secure distributed programming with value-dependent types. ICFP. 2011a.

[40]

N. Swamy, N. Guts, D. Leijen, and M. Hicks. Lightweight monadic programming in ML. ICFP, 2011b.

Digital Library

[41]

N. Swamy, C. Hriţcu, C. Keller, A. Rastogi, A. Delignat-Lavaud, S. Forest, K. Bhargavan, C. Fournet, P.-Y. Strub, M. Kohlweiss, J.-K. Zinzindohoué, and S. Zanella-Béguelin. Dependent types and multi-monadic efects in F*. POPL. 2016.

[42]

W. Swierstra. Data types à la carte. Journal of Functional Programming, 18 ( 4 ): 423-436, 2008.

[43]

A. Timany, L. Stefanesco, M. Krogh-Jespersen, and L. Birkedal. A logical relation for monadic encapsulation of state: proving contextual equivalences in the presence of runst. PACMPL, 2 (POPL): 64 : 1-64 : 28, 2018.

[44]

L.-y. Xia, Y. Zakowski, P. He, C.-K. Hur, G. Malecha, B. C. Pierce, and S. Zdancewic. Interaction trees: Representing recursive and impure programs in coq. Proc. ACM Program. Lang., 4(POPL), 2019.

Cited By

Zhou ZYe QDelaware BJagannathan S(2024)A HAT Trick: Automatically Verifying Representation Invariants using Symbolic Finite AutomataProceedings of the ACM on Programming Languages10.1145/36564338:PLDI(1387-1411)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656433
Nakayama TMatsushita YSakayori KSato RKobayashi N(2024)Borrowable Fractional Ownership Types for VerificationVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-50521-8_11(224-246)Online publication date: 15-Jan-2024
https://dl.acm.org/doi/10.1007/978-3-031-50521-8_11
Kanabar HVivien SAbrahamsson OMyreen MNorrish MPohjola JZanetti R(2023)PureCake: A Verified Compiler for a Lazy Functional LanguageProceedings of the ACM on Programming Languages10.1145/35912597:PLDI(952-976)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591259
Show More Cited By

Index Terms

SteelCore: an extensible concurrent separation logic for effectful dependently typed programs
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
2. Theory of computation
  1. Logic
    1. Separation logic
  2. Semantics and reasoning
    1. Program reasoning
      1. Program verification

Recommendations

Steel: proof-oriented programming in a dependently typed concurrent separation logic

Steel is a language for developing and proving concurrent programs embedded in F^⋆, a dependently typed programming language and proof assistant. Based on SteelCore, a concurrent separation logic (CSL) formalized in F^⋆, our work focuses on exposing the ...
Interactive proofs in higher-order concurrent separation logic
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages

When using a proof assistant to reason in an embedded logic -- like separation logic -- one cannot benefit from the proof contexts and basic tactics of the proof assistant. This results in proofs that are at a too low level of abstraction because they ...
Cosmo: a concurrent separation logic for multicore OCaml

Multicore OCaml extends OCaml with support for shared-memory concurrency. It is equipped with a weak memory model, for which an operational semantics has been published. This begs the question: what reasoning rules can one rely upon while writing or ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 4, Issue ICFP

August 2020

1070 pages

EISSN:2475-1421

DOI:10.1145/3415018

Issue’s Table of Contents

Copyright © 2020 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 August 2020

Published in PACMPL Volume 4, Issue ICFP

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
556
Total Downloads

Downloads (Last 12 months)83
Downloads (Last 6 weeks)19

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhou ZYe QDelaware BJagannathan S(2024)A HAT Trick: Automatically Verifying Representation Invariants using Symbolic Finite AutomataProceedings of the ACM on Programming Languages10.1145/36564338:PLDI(1387-1411)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656433
Nakayama TMatsushita YSakayori KSato RKobayashi N(2024)Borrowable Fractional Ownership Types for VerificationVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-50521-8_11(224-246)Online publication date: 15-Jan-2024
https://dl.acm.org/doi/10.1007/978-3-031-50521-8_11
Kanabar HVivien SAbrahamsson OMyreen MNorrish MPohjola JZanetti R(2023)PureCake: A Verified Compiler for a Lazy Functional LanguageProceedings of the ACM on Programming Languages10.1145/35912597:PLDI(952-976)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591259
Arasu ARamananandro TRastogi ASwamy NFromherz AHietala KParno BRamamurthy RKrebbers RTraytel DPientka BZdancewic S(2023)FastVer2: A Provably Correct Monitor for Concurrent, Key-Value StoresProceedings of the 12th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3573105.3575687(30-46)Online publication date: 11-Jan-2023
https://dl.acm.org/doi/10.1145/3573105.3575687
Li YWeirich S(2022)Program adverbs and Tlön embeddingsProceedings of the ACM on Programming Languages10.1145/35476326:ICFP(312-342)Online publication date: 31-Aug-2022
https://dl.acm.org/doi/10.1145/3547632
Spies SGäher LTassarotti JJung RKrebbers RBirkedal LDreyer D(2022)Later credits: resourceful reasoning for the later modalityProceedings of the ACM on Programming Languages10.1145/35476316:ICFP(283-311)Online publication date: 31-Aug-2022
https://dl.acm.org/doi/10.1145/3547631
Li JLattuada AZhou YCameron JHowell JParno BHawblitzel C(2022)Linear types for large-scale systems verificationProceedings of the ACM on Programming Languages10.1145/35273136:OOPSLA1(1-28)Online publication date: 29-Apr-2022
https://dl.acm.org/doi/10.1145/3527313
Mulder IKrebbers RGeuvers HJhala RDillig I(2022)Diaframe: automated verification of fine-grained concurrent programs in IrisProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523432(809-824)Online publication date: 9-Jun-2022
https://dl.acm.org/doi/10.1145/3519939.3523432
Fromherz ARastogi ASwamy NGibson SMartínez GMerigoux DRamananandro T(2021)Steel: proof-oriented programming in a dependently typed concurrent separation logicProceedings of the ACM on Programming Languages10.1145/34735905:ICFP(1-30)Online publication date: 19-Aug-2021
https://dl.acm.org/doi/10.1145/3473590
Li JMiller SZhuo DChen AHowell JAnderson TAngel SKasikci BKohler E(2021)An incremental path towards a safer OS kernelProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465277(183-190)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465277
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents