SteelCore: an extensible concurrent separation logic for effectful dependently typed programs

Abstract
Much recent research has been devoted to modeling effects within type theory. Building on this work, we observe that effectful type theories can provide a foundation on which to build semantics for more complex programming constructs and program logics, extending the reasoning principles that apply within the host effectful type theory itself.
Concretely, our main contribution is a semantics for concurrent separation logic (CSL) within the F⋆ proof assistant in a manner that enables dependently typed, effectful F⋆ programs to make use of concurrency and to be specified and verified using a full-featured, extensible CSL. In contrast to prior approaches, we directly derive the partial-correctness Hoare rules for CSL from the denotation of computations in the effectful semantics of non-deterministically interleaved atomic actions.
Demonstrating the flexibility of our semantics, we build generic, verified libraries that support various concurrency constructs, ranging from dynamically allocated, storable spin locks, to protocol-indexed channels. We conclude that our effectful semantics provides a simple yet expressive basis on which to layer domain-specific languages and logics for verified, concurrent programming.
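The semantics sketched above, in which a computation denotes a tree of atomic actions, threads are interleaved non-deterministically, and a partial-correctness triple {pre} c {post} holds when post is true in every terminal state reachable from a state satisfying pre, can be made concrete with a small explicit-state model. The following Python is an added illustration written for this page, not code from the paper, from SteelCore, or from F⋆; the representation of threads as tuples of atomic steps, the names `read`, `write`, `spin_cas`, `terminal_stores` and `hoare_holds`, and the two example threads are all this illustration's own assumptions. It checks an increment with and without a storable spin lock over every interleaving of two threads.

```python
"""Toy model of a concurrent separation logic semantics (illustration, not the
paper's F* code): a computation is a sequence of atomic actions on a shared
store, threads are interleaved non-deterministically, and the partial
correctness triple {pre} c {post} holds iff post is true in every terminal
state reachable from a state satisfying pre.  Non-terminating schedules
(a thread spinning forever on a held lock) are ignored, which is exactly what
partial correctness means."""


# ---- atomic actions: (store, regs) -> (store', regs', pc_advance) --------
# `regs` are the thread's private registers; `pc_advance` is 0 when the
# action must be retried (a failed compare-and-swap), 1 otherwise.

def read(key, reg):
    """Atomically load store[key] into private register `reg`."""
    def step(store, regs):
        return store, {**regs, reg: store[key]}, 1
    return step


def write(key, value_of):
    """Atomically store value_of(regs) into store[key]."""
    def step(store, regs):
        return {**store, key: value_of(regs)}, regs, 1
    return step


def spin_cas(key, old, new):
    """Compare-and-swap that retries (stays at the same pc) until it succeeds."""
    def step(store, regs):
        if store[key] == old:
            return {**store, key: new}, regs, 1
        return store, regs, 0
    return step


# ---- two example threads (constructed for the illustration) --------------
# An unprotected increment: the read and the write are separate atomic steps,
# so another thread can interleave between them and an update is lost.
UNPROTECTED_INCR = (
    read("x", "v"),
    write("x", lambda r: r["v"] + 1),
)

# The same increment guarded by a spin lock kept in the shared store; the
# `lock` cell plays the role of a storable lock.
LOCKED_INCR = (
    spin_cas("lock", 0, 1),           # acquire
    read("x", "v"),
    write("x", lambda r: r["v"] + 1),
    write("lock", lambda r: 0),       # release
)


def terminal_stores(threads, init_store):
    """Explore every interleaving of `threads` from `init_store` (depth-first
    search over (store, per-thread pc and registers) with a visited set) and
    return the set of stores in which every thread has finished."""
    init = (frozenset(init_store.items()),
            tuple((0, frozenset()) for _ in threads))
    seen, stack, finals = {init}, [init], set()
    while stack:
        store_f, tstates = stack.pop()
        if all(pc >= len(t) for (pc, _), t in zip(tstates, threads)):
            finals.add(store_f)
            continue
        store = dict(store_f)
        for i, ((pc, regs_f), t) in enumerate(zip(tstates, threads)):
            if pc >= len(t):
                continue                        # thread i already finished
            s2, r2, adv = t[pc](store, dict(regs_f))
            ts2 = list(tstates)
            ts2[i] = (pc + adv, frozenset(r2.items()))
            nxt = (frozenset(s2.items()), tuple(ts2))
            if nxt not in seen:                 # a failed CAS loops back here
                seen.add(nxt)
                stack.append(nxt)
    return finals


def hoare_holds(init_store, threads, post):
    """Partial-correctness triple: `post` holds in every terminal state."""
    return all(post(dict(s)) for s in terminal_stores(threads, init_store))


def final_x_values(threads, init_store):
    """All values of x observable after every thread has finished."""
    return sorted(dict(s)["x"] for s in terminal_stores(threads, init_store))


if __name__ == "__main__":
    print("unprotected:", final_x_values((UNPROTECTED_INCR,) * 2, {"x": 0}))
    print("locked:     ", final_x_values((LOCKED_INCR,) * 2, {"x": 0, "lock": 0}))
```

Two unprotected increments from x = 0 can terminate with x = 1 or x = 2, so the triple with postcondition x = 2 fails; with the lock every terminal state has x = 2 and lock = 0. A failed `spin_cas` returns the same state, which the visited set already contains, so the spinning schedule is simply not extended: this is how the model discards non-terminating interleavings rather than looping on them.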
Index Terms
SteelCore: an extensible concurrent separation logic for effectful dependently typed programs