Rely-guarantee references for refinement types over aliased mutable data

Gordon, Colin S.; Ernst, M.; Grossman, Dan

doi:10.1145/2491956.2462160

Cited by 17 publications

(7 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is a common pattern. Monotonic state has been studied in several contexts, beginning with ghost monotonic references [Pilkiewicz and Pottier 2011] or simple type systems equipped with monotonic references [Gordon et al 2013], and continuing with more powerful dependent type systems and program logics, such as 𝐹 ★ 𝐹 ★ 𝐹 ★ [Ahman et al. 2018] and Iris [Timany and Birkedal 2021].…”

Section: Verification Framework and Techniquesmentioning

confidence: 99%

Specification and verification of a transient stack

Moine

Charguéraud

Pottier

2022

Proceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs

View full text Add to dashboard Cite

A transient data structure is a package of an ephemeral data structure, a persistent data structure, and fast conversions between them. We describe the specification and proof of a transient stack and its iterators. This data structure is a scaleddown version of the general-purpose transient sequence data structure implemented in the OCaml library Sek. Internally, it relies on fixed-capacity arrays, or chunks, which can be shared between several ephemeral and persistent stacks. Dynamic tests are used to determine whether a chunk can be updated in place or must be copied: a chunk can be updated if it is uniquely owned or if the update is monotonic. Using CFML, which implements Separation Logic with Time Credits inside Coq, we verify the functional correctness and the amortized time complexity of this data structure. Our verification effort covers iterators, which involve direct pointers to internal chunks. The specification of iterators describes what the operations on iterators do, how much they cost, and under what circumstances an iterator is invalidated.

show abstract

Section: Verification Framework and Techniquesmentioning

confidence: 99%

Specification and verification of a transient stack

Moine

Charguéraud

Pottier

2022

Proceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs

View full text Add to dashboard Cite

show abstract

“…There have been a number of concurrent separation logics that incorporate rely-guarantee reasoning [Dodds et al 2009;Feng 2009;Vafeiadis and Parkinson 2007]. There are even type systems that incorporate rely-guarantee [Gordon et al 2013]. There are also a number of metatheoretic frameworks for defining the semantics of separation logics that can support rely-guarantee reasoning [Bizjak and Birkedal 2017;Calcagno et al 2007;Dinsdale-Young et al 2013].…”

Section: Related Workmentioning

confidence: 99%

A type system for extracting functional specifications from memory-safe imperative programs

Westbrook

Carmer

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Verifying imperative programs is hard. A key difficulty is that the specification of what an imperative program does is often intertwined with details about pointers and imperative state. Although there are a number of powerful separation logics that allow the details of imperative state to be captured and managed, these details are complicated and reasoning about them requires significant time and expertise. In this paper, we take a different approach: a memory-safe type system that, as part of type-checking, extracts functional specifications from imperative programs. This disentangles imperative state, which is handled by the type system, from functional specifications, which can be verified without reference to pointers. A key difficulty is that sometimes memory safety depends crucially on the functional specification of a program; e.g., an array index is only memory-safe if the index is in bounds. To handle this case, our specification extraction inserts dynamic checks into the specification. Verification then requires the additional proof that none of these checks fail. However, these checks are in a purely functional language, and so this proof also requires no reasoning about pointers.

show abstract

“…Since FCSL's model is predicative, it does not provide a way to dynamically allocate an invariant, making it impossible to model certain kinds of synchronization primitives, e.g., our generic interface for locks does not seem to be expressible in FCSL. On the other hand, FCSL provides several constructs for reasoning about concurrent programs mixing styles of reasoning from CSL with rely-guarantee reasoning, something which we haven't explored much: our use of monotonic references may play a role in this direction, particularly in connection with other related work on rely-guarantee references (Gordon et al 2013).…”

Section: Related Workmentioning

confidence: 99%

SteelCore: an extensible concurrent separation logic for effectful dependently typed programs

Swamy

Rastogi

Fromherz

et al. 2020

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Much recent research has been devoted to modeling effects within type theory. Building on this work, we observe that effectful type theories can provide a foundation on which to build semantics for more complex programming constructs and program logics, extending the reasoning principles that apply within the host effectful type theory itself. Concretely, our main contribution is a semantics for concurrent separation logic (CSL) within the F ★ proof assistant in a manner that enables dependently typed, effectful F ★ programs to make use of concurrency and to be specified and verified using a full-featured, extensible CSL. In contrast to prior approaches, we directly derive the partial-correctness Hoare rules for CSL from the denotation of computations in the effectful semantics of non-deterministically interleaved atomic actions. Demonstrating the flexibility of our semantics, we build generic, verified libraries that support various concurrency constructs, ranging from dynamically allocated, storable spin locks, to protocol-indexed channels. We conclude that our effectful semantics provides a simple yet expressive basis on which to layer domainspecific languages and logics for verified, concurrent programming.

show abstract

Rely-guarantee references for refinement types over aliased mutable data

Cited by 17 publications

References 54 publications

Specification and verification of a transient stack

Specification and verification of a transient stack

A type system for extracting functional specifications from memory-safe imperative programs

SteelCore: an extensible concurrent separation logic for effectful dependently typed programs

Contact Info

Product

Resources

About