A separation logic for effect handlers

Vilhena, Paulo Emílio de; Pottier, François

doi:10.1145/3434314

Cited by 12 publications

(26 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Prior Research: non-blocking algorithms had previously been verified in Iris [13,29]. • Corroboration: Iris is not only used by its inventors but also by other research teams (e.g., [2,8,20]) and by at least one company, Bedrock Systems. • Community: Iris has a responsive support community.…”

Section: Choosing Irismentioning

confidence: 99%

Applying formal verification to microkernel IPC at meta

Carbonneaux¹,

Zilberstein

Klee³

et al. 2022

Proceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs

View full text Add to dashboard Cite

We use Iris, an implementation of concurrent separation logic in the Coq proof assistant, to verify two queue data structures used for inter-process communication in an operating system under development. Our motivations are twofold. First, we wish to leverage formal verification to boost confidence in a delicate piece of industrial code that was subject to numerous revisions. Second, we aim to gain information on the cost-benefit tradeoff of applying a state-of-the-art formal verification tool in our industrial setting. On both fronts, our endeavor has been a success. The verification effort proved that the queue algorithms are correct and uncovered four algorithmic simplifications as well as bugs in client code. The simplifications involve the removal of two memory barriers, one atomic load, and one boolean check, all in a performance-sensitive part of the OS. Removing the redundant boolean check revealed unintended uses of uninitialized memory in multiple device drivers, which were fixed. The proof work was completed in person months, not years, by engineers with no prior familiarity with Iris. These findings are spurring further use of verification at Meta.

show abstract

Section: Choosing Irismentioning

confidence: 99%

Applying formal verification to microkernel IPC at meta

Carbonneaux¹,

Zilberstein

Klee³

et al. 2022

Proceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs

View full text Add to dashboard Cite

show abstract

“…This means that a computation that suspends itself once can be resumed more than once. This use of continuations is powerful, but requires care: it breaks the property that "a block of code, once entered, is exited at most once", and thereby compromises the frame rule [dVP21a], one of the most fundamental reasoning rules of Separation Logic. Both Multicore OCaml and our reasoning rules 3 that a continuation be invoked at most once.…”

Section: Effects and Handlersmentioning

confidence: 99%

“…In this section, we use the mathematical definitions of the previous section ( §4) in combination with Hazel [dVP21a], an extension of Separation Logic with support for effect handlers, described in previous work by the same authors. Hazel allows writing a formal specification of the library that was presented earlier ( §3).…”

Section: Formal Verification Of Reverse-mode Ad With Effect Handlersmentioning

confidence: 99%

“…A small set of features, including first-class functions, references, effect handlers and one-shot continuations, suffices. In previous work [dVP21a], we have defined such a calculus, dubbed HH (for "heaps and handlers"), and have endowed it with a small-step operational semantics. We do not recall the syntax or operational semantics of HH , whose details are not relevant here.…”

Section: Formal Verification Of Reverse-mode Ad With Effect Handlersmentioning

confidence: 99%

“…We transcribe Wang and Rompf's simple implementation of RMAD in HH , a core λ-calculus equipped with effect handlers. Then, using Iris [JKJ + 18], a powerful evolution of Separation Logic, which in previous work [dVP21a] we have extended with support for effect handlers, we express a specification for an automatic differentiation algorithm and we verify that this code is correct with respect to this specification. Our proof is machine-checked and is available online [dVP21b].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Verifying an Effect-Handler-Based Define-By-Run Reverse-Mode AD Library

Vilhena¹,

Pottier²

2021

Preprint

Self Cite

View full text Add to dashboard Cite

By exploiting a number of relatively subtle programming language features, including dynamically-allocated mutable state, first-class functions, and effect handlers, reverse-mode automatic differentiation can be implemented as a library. One outstanding question, however, is: with which logical tools can one specify what this code is expected to compute and verify that it behaves as expected? We answer this question by using a modern variant of Separation Logic to specify and verify a minimalist (but concise and elegant) reverse-mode automatic differentiation library. We view this result as an advanced exercise in program verification, with potential future applications to more realistic automatic differentiation systems.

show abstract

Automated Temporal Verification for Algebraic Effects

Song

Foo

Chin

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Although effect handlers offer a versatile abstraction for userdefined effects, they produce complex and less restricted execution traces due to the composable non-local control flow mechanisms. This paper is interested in the temporal behaviors of effect sequences, such as unhandled effects, termination of the communication, safety, fairness, etc. Specifically, we propose a novel effects logic ContEffs, to write precise and modular specifications for programs in the presence of user-defined effect handlers and primitive effects. As a second contribution, we devise a forward verifier together with a fixpoint calculator to infer the behaviors of such programs. Lastly, our automated verification framework provides a purely algebraic term-rewriting system (TRS) as the back-end solver, efficiently checking the entailments between ContEffs assertions. To demonstrate the feasibility of our proposals, we prototype a verification system where zero-shot, one-shot, and multi-shot continuations coexist; prove its correctness; present experimental results; and report on case studies.

show abstract

A separation logic for effect handlers

Cited by 12 publications

References 32 publications

Applying formal verification to microkernel IPC at meta

Applying formal verification to microkernel IPC at meta

Verifying an Effect-Handler-Based Define-By-Run Reverse-Mode AD Library

Automated Temporal Verification for Algebraic Effects

Contact Info

Product

Resources

About