More Web Proxy on the site http://driver.im/

research-article

Open access

The future is ours: prophecy variables in separation logic

Authors:

Rodolphe Lepigre,

Gaurav Parthasarathy,

Marianna Rapoport,

Bart JacobsAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 4, Issue POPL

Article No.: 45, Pages 1 - 32

https://doi.org/10.1145/3371113

Published: 20 December 2019 Publication History

Abstract

Early in the development of Hoare logic, Owicki and Gries introduced auxiliary variables as a way of encoding information about the history of a program’s execution that is useful for verifying its correctness. Over a decade later, Abadi and Lamport observed that it is sometimes also necessary to know in advance what a program will do in the future. To address this need, they proposed prophecy variables, originally as a proof technique for refinement mappings between state machines. However, despite the fact that prophecy variables are a clearly useful reasoning mechanism, there is (surprisingly) almost no work that attempts to integrate them into Hoare logic. In this paper, we present the first account of prophecy variables in a Hoare-style program logic that is flexible enough to verify logical atomicity (a relative of linearizability) for classic examples from the concurrency literature like RDCSS and the Herlihy-Wing queue. Our account is formalized in the Iris framework for separation logic in Coq. It makes essential use of ownership to encode the exclusive right to resolve a prophecy, which in turn enables us to enforce soundness of prophecies with a very simple set of proof rules.

Supplementary Material

WEBM File (a45-jung.webm)

Download
88.24 MB

References

[1]

Martín Abadi and Leslie Lamport. 1988. The existence of refinement mappings. In Proceedings of the Third Annual Symposium on Logic in Computer Science (LICS ’88), Edinburgh, Scotland, UK, July 5-8, 1988. 165–175.

[2]

Martín Abadi and Leslie Lamport. 1991. The existence of refinement mappings. Theor. Comput. Sci. 82, 2 (May 1991), 253–284.

Digital Library

[3]

John Boyland. 2003. Checking interference with fractional permissions. In SAS (LNCS), Vol. 2694. 55–72.

[4]

Byron Cook and Eric Koskinen. 2011. Making prophecies with decision predicates. In Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’11). ACM, New York, NY, USA, 399–410.

Digital Library

[5]

Pedro da Rocha Pinto, Thomas Dinsdale-Young, and Philippa Gardner. 2014. TaDA: A logic for time and data abstraction. In ECOOP (LNCS), Vol. 8586. 207–231.

[6]

Paulo Emílio de Vilhena, François Pottier, and Jacques-Henri Jourdan. 2020. Spy game: Verifying a local generic solver in Iris. PACMPL 4, POPL, Article 33 (Jan. 2020). http://gallium.inria.fr/~fpottier/publis/de- vilhena- pottier- jourdan- spygame- 2020.pdf

Digital Library

[7]

Germán Andrés Delbianco, Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2017. Concurrent data structures linked in time. In 31st European Conference on Object-Oriented Programming (ECOOP 2017) (Leibniz International Proceedings in Informatics (LIPIcs)), Peter Müller (Ed.), Vol. 74. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 8:1–8:30.

[8]

Thomas Dinsdale-Young, Lars Birkedal, Philippa Gardner, Matthew J. Parkinson, and Hongseok Yang. 2013. Views: Compositional reasoning for concurrent programs. In POPL. 287–300.

Digital Library

[9]

Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2018. ReLoC: A mechanised relational logic for fine-grained concurrency. In LICS. 442–451.

[10]

Ming Fu, Yong Li, Xinyu Feng, Zhong Shao, and Yu Zhang. 2010. Reasoning about optimistic concurrency using a program logic for history. In CONCUR (LNCS), Vol. 6269. 388–402.

[11]

Timothy L. Harris, Keir Fraser, and Ian A. Pratt. 2002. A practical multi-word compare-and-swap operation. In DISC.

Digital Library

[12]

Maurice Herlihy and Jeannette M. Wing. 1990. Linearizability: A correctness condition for concurrent objects. ACM Trans. Program. Lang. Syst. 12, 3 (1990), 463–492.

Digital Library

[13]

Bart Jacobs and Frank Piessens. 2011. Expressive modular fine-grained concurrency specification. In POPL. 271–282.

[14]

Bart Jacobs, Jan Smans, Pieter Philippaerts, Frédéric Vogels, Willem Penninckx, and Frank Piessens. 2011. VeriFast: A powerful, sound, predictable, fast verifier for C and Java. In NASA Formal Methods.

[15]

Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming 28, e20 (Nov. 2018), 1–73.

[16]

Ralf Jung, Rodolphe Lepigre, Gaurav Parthasarathy, Marianna Rapoport, Amin Timany, Derek Dreyer, and Bart Jacobs. 2019. The future is ours: Prophecy variables in separation logic – Artifact.

Digital Library

[17]

Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and invariants as an orthogonal basis for concurrent reasoning. In POPL. 637–650.

[18]

Robbert Krebbers, Jacques-Henri Jourdan, Ralf Jung, Joseph Tassarotti, Jan-Oliver Kaiser, Amin Timany, Arthur Charguéraud, and Derek Dreyer. 2018. MoSeL: A general, extensible modal framework for interactive proofs in separation logic. PACMPL 2, ICFP (2018), 77:1–16:30.

Digital Library

[19]

Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017. Interactive proofs in higher-order concurrent separation logic. In POPL. 205–217.

[20]

Leslie Lamport and Stephan Merz. 2017. Auxiliary variables in TLA+. CoRR abs/1703.05121 (2017). http://arxiv.org/abs/ 1703.05121

[21]

Ruy Ley-Wild and Aleksandar Nanevski. 2013. Subjective auxiliary state for coarse-grained concurrency. In POPL. 561–574.

[22]

Hongjin Liang and Xinyu Feng. 2013. Modular verification of linearizability with non-fixed linearization points. In PLDI.

[23]

Richard J. Lipton. 1975. Reduction: A method of proving properties of parallel programs. Commun. ACM 18, 12 (Dec. 1975).

Digital Library

[24]

Peter W. O’Hearn. 2007. Resources, concurrency, and local reasoning. Theor. Comput. Sci. 375, 1 (2007), 271–307.

Digital Library

[25]

Susan Owicki and David Gries. 1976. An axiomatic proof technique for parallel programs I. Acta Informatica 6, 4 (1976), 319–340.

Digital Library

[26]

Willem Penninckx, Amin Timany, and Bart Jacobs. 2019. Specifying I/O using abstract nested hoare triples in separation logic. In Proceedings of the 21st Workshop on Formal Techniques for Java-like Programs (FTf JP ’19). ACM, New York, NY, USA, Article 5, 7 pages.

Digital Library

[27]

John C. Reynolds. 2002. Separation logic: A logic for shared mutable data structures. In LICS. 55–74.

[28]

Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2015. Specifying and verifying concurrent algorithms with histories and subjectivity. In ESOP. 333–358.

Digital Library

[29]

Ali Sezgin, Serdar Tasiran, and Shaz Qadeer. 2010. Tressa: Claiming the future. In VST TE.

[30]

Aaron Turon, Jacob Thamsborg, Amal Ahmed, Lars Birkedal, and Derek Dreyer. 2013. Logical relations for fine-grained concurrency. In POPL.

[31]

Aaron Turon, Viktor Vafeiadis, and Derek Dreyer. 2014. GPS: Navigating weak memory with ghosts, protocols, and separation. In OOPSLA. 691–707.

Digital Library

[32]

Viktor Vafeiadis. 2008. Modular fine-grained concurrency verification. Ph.D. Dissertation. University of Cambridge, Computer Laboratory. https://www.cl.cam.ac.uk/techreports/UCAM- CL- TR- 726.pdf

[33]

Viktor Vafeiadis and Matthew J. Parkinson. 2007. A marriage of rely/guarantee and separation logic. In CONCUR (LNCS), Vol. 4703. 256–271.

Digital Library

[34]

Zipeng Zhang, Xinyu Feng, Ming Fu, Zhong Shao, and Yong Li. 2012. A structural approach to prophecy variables. In TAMC.

Digital Library

Cited By

Timany AKrebbers RDreyer DBirkedal L(2024)A Logical Approach to Type SoundnessJournal of the ACM10.1145/367695471:6(1-75)Online publication date: 11-Nov-2024
https://dl.acm.org/doi/10.1145/3676954
Park SKim JMulder IJung JLee JKrebbers RKang J(2024)A Proof Recipe for Linearizability in Relaxed Memory Separation LogicProceedings of the ACM on Programming Languages10.1145/36563848:PLDI(175-198)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656384
Enea CKoskinen E(2024)Scenario-Based Proofs for Concurrent ObjectsProceedings of the ACM on Programming Languages10.1145/36498578:OOPSLA1(1294-1323)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649857
Show More Cited By

Index Terms

The future is ours: prophecy variables in separation logic
1. Theory of computation
  1. Logic
    1. Programming logic
    2. Separation logic
  2. Semantics and reasoning
    1. Program semantics
      1. Operational semantics

Recommendations

Proof Automation for Linearizability in Separation Logic

Recent advances in concurrent separation logic enabled the formal verification of increasingly sophisticated fine-grained (i.e., lock-free) concurrent programs. For such programs, the golden standard of correctness is linearizability, which expresses ...
Transfinite Iris: resolving an existential dilemma of step-indexed separation logic
PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

Step-indexed separation logic has proven to be a powerful tool for modular reasoning about higher-order stateful programs. However, it has only been used to reason about safety properties, never liveness properties. In this paper, we observe that the ...
Theorems for free from separation logic specifications

Separation logic specifications with abstract predicates intuitively enforce a discipline that constrains when and how calls may be made between a client and a library. Thus a separation logic specification of a library intuitively enforces a protocol on ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 4, Issue POPL

January 2020

1984 pages

EISSN:2475-1421

DOI:10.1145/3377388

Issue’s Table of Contents

Copyright © 2019 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 December 2019

Published in PACMPL Volume 4, Issue POPL

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

33
Total Citations
View Citations
1,175
Total Downloads

Downloads (Last 12 months)295
Downloads (Last 6 weeks)35

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Timany AKrebbers RDreyer DBirkedal L(2024)A Logical Approach to Type SoundnessJournal of the ACM10.1145/367695471:6(1-75)Online publication date: 11-Nov-2024
https://dl.acm.org/doi/10.1145/3676954
Park SKim JMulder IJung JLee JKrebbers RKang J(2024)A Proof Recipe for Linearizability in Relaxed Memory Separation LogicProceedings of the ACM on Programming Languages10.1145/36563848:PLDI(175-198)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656384
Enea CKoskinen E(2024)Scenario-Based Proofs for Concurrent ObjectsProceedings of the ACM on Programming Languages10.1145/36498578:OOPSLA1(1294-1323)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649857
Oliveira Vale AShao ZChen Y(2024)A Compositional Theory of LinearizabilityJournal of the ACM10.1145/364366871:2(1-107)Online publication date: 27-Jan-2024
https://dl.acm.org/doi/10.1145/3643668
Zhou LQin JWang QAppel ACao Q(2024)VST-A: A Foundationally Sound Annotation VerifierProceedings of the ACM on Programming Languages10.1145/36329118:POPL(2069-2098)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632911
Gregersen SAguirre AHaselwarter PTassarotti JBirkedal L(2024)Asynchronous Probabilistic Couplings in Higher-Order Separation LogicProceedings of the ACM on Programming Languages10.1145/36328688:POPL(753-784)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632868
Nakayama TMatsushita YSakayori KSato RKobayashi N(2024)Borrowable Fractional Ownership Types for VerificationVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-50521-8_11(224-246)Online publication date: 15-Jan-2024
https://dl.acm.org/doi/10.1007/978-3-031-50521-8_11
Jung JLee JChoi JKim JPark SKang J(2023)Modular Verification of Safe Memory Reclamation in Concurrent Separation LogicProceedings of the ACM on Programming Languages10.1145/36228277:OOPSLA2(828-856)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622827
Meyer RWies TWolff S(2023)Embedding Hindsight Reasoning in Separation LogicProceedings of the ACM on Programming Languages10.1145/35912967:PLDI(1848-1871)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591296
Mulder IKrebbers R(2023)Proof Automation for Linearizability in Separation LogicProceedings of the ACM on Programming Languages10.1145/35860437:OOPSLA1(462-491)Online publication date: 6-Apr-2023
https://dl.acm.org/doi/10.1145/3586043
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents