Abstract
Step-indexed logical relations are an extremely useful technique for building operational-semantics-based models and program logics for realistic, richly-typed programming languages. They have proven to be indispensable for modeling features like higher-order state, which many languages support but which were difficult to accommodate using traditional denotational models. However, the conventional wisdom is that, because they only support reasoning about finite traces of computation, (unary) step-indexed models are only good for proving safety properties like “well-typed programs don’t go wrong”. There has consequently been very little work on using step-indexing to establish liveness properties, in particular termination.
In this paper, we show that step-indexing can in fact be used to prove termination of well-typed programs—even in the presence of dynamically-allocated, shared, mutable, higher-order state—so long as one’s type system enforces disciplined use of such state. Specifically, we consider a language with asynchronous channels, inspired by promises in JavaScript, in which higher-order state is used to implement communication, and linearity is used to ensure termination. The key to our approach is to generalize from natural number step-indexing to transfinite step-indexing, which enables us to compute termination bounds for program expressions in a compositional way. Although transfinite step-indexing has been proposed previously, we are the first to apply this technique to reasoning about termination in the presence of higher-order state.
- Amal Ahmed, Andrew W Appel, Christopher D Richards, Kedar N Swadi, Gang Tan, and Daniel C Wang. 2010. Semantic foundations for typed assembly languages. ACM Transactions on Programming Languages and Systems (TOPLAS) 32, 3 ( 2010 ), 1-67. https://doi.org/10.1145/1709093.1709094 Google Scholar
Digital Library
- Amal Ahmed, Matthew Fluet, and Greg Morrisett. 2005. A step-indexed model of substructural state. In Proceedings of the Tenth ACM SIGPLAN International Conference on Functional Programming (Tallinn, Estonia) ( ICFP '05). Association for Computing Machinery, New York, NY, USA, 78-91. https://doi.org/10.1145/1086365.1086376 Google Scholar
Digital Library
- Amal Jamil Ahmed. 2004. Semantics of types for mutable state. Ph.D. Dissertation. Princeton University.Google Scholar
Digital Library
- Andrew W Appel and David McAllester. 2001. An indexed model of recursive types for foundational proof-carrying code. ACM Transactions on Programming Languages and Systems (TOPLAS) 23, 5 ( 2001 ), 657-683. https://doi.org/10.1145/ 504709.504712 Google Scholar
Digital Library
- Patrick Bahr, Christian Uldal Graulund, and Rasmus Ejlers Møgelberg. 2019. Simply RaTT: a Fitch-style modal calculus for reactive programming without space leaks. Proceedings of the ACM on Programming Languages 3, ICFP ( 2019 ), 1-27. https://doi.org/10.1145/3341713 Google Scholar
Digital Library
- Aleš Bizjak, Lars Birkedal, and Marino Miculan. 2014. A model of countable nondeterminism in guarded type theory. In Proceedings of TLCA. https://doi.org/10.1007/978-3-319-08918-8_8 Google Scholar
Cross Ref
- Gérard Boudol. 2010. Typing termination in a higher-order concurrent imperative language. Information and Computation 208, 6 ( 2010 ), 716-736. https://doi.org/10.1016/j.ic. 2009. 06.007 Google Scholar
Digital Library
- Aloïs Brunel and Antoine Madet. 2012. Indexed realizability for bounded-time programming with references and type ifxpoints. In Asian Symposium on Programming Languages and Systems. Springer, 264-279. https://doi.org/10.1007/978-3-642-35182-2_19 Google Scholar
Cross Ref
- Andrew Cave, Francisco Ferreira, Prakash Panangaden, and Brigitte Pientka. 2014. Fair reactive programming. In Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '14). ACM, San Diego, California, USA, 361-372. https://doi.org/10.1145/2535838.2535881 Google Scholar
Digital Library
- Koen Claessen. 1999. A poor man's concurrency monad. Journal of Functional Programming 9, 3 ( 1999 ), 313-323. https: //doi.org/10.1017/S0956796899003342 Google Scholar
Digital Library
- Pedro da Rocha Pinto, Thomas Dinsdale-Young, Philippa Gardner, and Julian Sutherland. 2016. Modular termination verification for non-blocking concurrency. In European Symposium on Programming. Springer, 176-201. https://doi.org/ 10.1007/978-3-662-49498-1_8 Google Scholar
Cross Ref
- Robert Dockins and Aquinas Hobor. 2010. A theory of termination via indirection. In Dagstuhl Seminar Proceedings. Schloss Dagstuhl-Leibniz-Zentrum für Informatik.Google Scholar
- Robert Dockins and Aquinas Hobor. 2012. Time bounds for general function pointers. Electronic Notes in Theoretical Computer Science 286 ( 2012 ), 139-155. https://doi.org/10.1016/j.entcs. 2012. 08.010 Google Scholar
Digital Library
- Derek Dreyer, Amal Ahmed, and Lars Birkedal. 2011. Logical step-indexed logical relations. Logical Methods in Computer Science 7, 2 : 16 ( 2011 ). https://doi.org/10.2168/LMCS-7( 2 :16) 2011 Google Scholar
Cross Ref
- Derek Dreyer, Georg Neis, Andreas Rossberg, and Lars Birkedal. 2010. A relational modal logic for higher-order stateful ADTs. In POPL. 185-198. https://doi.org/10.1145/1706299.1706323 Google Scholar
Digital Library
- Daniel Friedman and David Wise. 1976. The impact of applicative programming on multiprocessing. In International Conference on Parallel Processing. 263-272.Google Scholar
- Jean-Yves Girard. 1995. Light linear logic. In Logic and Computational Complexity, Daniel Leivant (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 145-176. https://doi.org/10.1007/3-540-60178-3_83 Google Scholar
Cross Ref
- Jean-Yves Girard, Paul Taylor, and Yves Lafont. 1989. Proofs and types. Cambridge University Press.Google Scholar
Digital Library
- Gerhard Hessenberg. 1906. Grundbegrife der Mengenlehre. Vol. 1. Vandenhoeck & Ruprecht.Google Scholar
- Alan Jefrey. 2012. LTL types FRP: linear-time temporal logic propositions as types, proofs as functional reactive programs. In Proceedings of the sixth workshop on Programming Languages meets Program Verification, PLPV 2012, Philadelphia, PA, USA, January 24, 2012. Philadelphia, PA, USA, 49-60. https://doi.org/10.1145/2103776.2103783 Google Scholar
Digital Library
- Wolfgang Jeltsch. 2012. Towards a common categorical semantics for linear-time temporal logic and functional reactive programming. Electronic Notes in Theoretical Computer Science 286 ( 2012 ), 229-242. https://doi.org/10.1016/j.entcs. 2012. 08.015 Google Scholar
Digital Library
- Wolfgang Jeltsch. 2013. Temporal logic with "until", functional reactive programming with processes, and concrete process categories. In Proceedings of the 7th Workshop on Programming Languages Meets Program Verification (Rome, Italy) ( PLPV '13). ACM, New York, NY, USA, 69-78. https://doi.org/10.1145/2428116.2428128 Google Scholar
Digital Library
- Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2018a. RustBelt: Securing the foundations of the Rust programming language. PACMPL 2, POPL, Article 66 ( 2018 ). https://doi.org/10.1145/3158154 Google Scholar
Digital Library
- Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018b. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming 28 ( 2018 ). https://doi.org/10.1017/S0956796818000151 Google Scholar
Cross Ref
- Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and invariants as an orthogonal basis for concurrent reasoning. In POPL. ACM New York, NY, USA, 637-650. https://doi.org/10.1145/2676726.2676980 Google Scholar
Digital Library
- Neelakantan R. Krishnaswami. 2013. Higher-order functional reactive programming without spacetime leaks. In Proceedings of the 18th ACM SIGPLAN International Conference on Functional Programming (ICFP '13). ACM, Boston, Massachusetts, USA, 221-232. https://doi.org/10.1145/2500365.2500588 Google Scholar
Digital Library
- Neelakantan R. Krishnaswami and Nick Benton. 2011. Ultrametric semantics of reactive programs. In 2011 IEEE 26th Annual Symposium on Logic in Computer Science. IEEE Computer Society, Washington, DC, USA, 257-266. https: //doi.org/10.1109/LICS. 2011.38 Google Scholar
Digital Library
- Neelakantan R Krishnaswami, Aaron Turon, Derek Dreyer, and Deepak Garg. 2012. Superficially substructural types. In Proceedings of the 17th ACM SIGPLAN International Conference on Functional Programming. 41-54. https://doi.org/10. 1145/2398856.2364536 Google Scholar
Digital Library
- Peter J Landin. 1964. The mechanical evaluation of expressions. Comput. J. 6, 4 ( 1964 ), 308-320. https://doi.org/10.1093/ comjnl/6.4. 308 Google Scholar
Cross Ref
- Antoine Madet and Roberto M Amadio. 2011. An elementary afine-calculus with multithreading and side efects. In International Conference on Typed Lambda Calculi and Applications. Springer, 138-152. https://doi.org/10.1007/978-3-642-21691-6_13 Google Scholar
Cross Ref
- Glen Mével, Jacques-Henri Jourdan, and François Pottier. 2019. Time credits and time receipts in Iris. In European Symposium on Programming. Springer, 3-29. https://doi.org/10.1007/978-3-030-17184-1_1 Google Scholar
Cross Ref
- Greg Morrisett, Amal Ahmed, and Matthew Fluet. 2005. 3: A linear language with locations. In Typed Lambda Calculi and Applications, Paweł Urzyczyn (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 293-307. https://doi.org/10.1007/ 11417170_22 Google Scholar
Digital Library
- John C Reynolds. 1983. Types, abstraction and parametric polymorphism. In Information Processing 83, Proceedings of the IFIP 9th World Computer Congress. 513-523.Google Scholar
- Jan Schwinghammer, Aleš Bizjak, and Lars Birkedal. 2013. Step-indexed relational reasoning for countable nondeterminism. Logical Methods in Computer Science 9 ( 2013 ). https://doi.org/10.2168/LMCS-9( 4 :4) 2013 Google Scholar
Cross Ref
- Simon Spies, Neel Krishnaswami, and Derek Dreyer. 2021. Transfinite step-indexing for termination. Technical Report. https://plv.mpi-sws.org/transfinite-step-indexing/termination/Google Scholar
- Kasper Svendsen and Lars Birkedal. 2014. Impredicative concurrent abstract predicates. In Proceedings of ESOP. https: //doi.org/10.1007/978-3-642-54833-8_9 Google Scholar
Digital Library
- Kasper Svendsen, Filip Sieczkowski, and Lars Birkedal. 2016. Transfinite step-indexing: Decoupling concrete and logical steps. In European Symposium on Programming. Springer, 727-751. https://doi.org/10.1007/978-3-662-49498-1_28 Google Scholar
Cross Ref
- William W Tait. 1967. Intensional interpretations of functionals of finite type I. Journal of Symbolic Logic 32, 2 ( 1967 ), 198-212. https://doi.org/10.2307/2271658 Google Scholar
Cross Ref
- Aaron J Turon, Jacob Thamsborg, Amal Ahmed, Lars Birkedal, and Derek Dreyer. 2013. Logical relations for fine-grained concurrency. In POPL. ACM New York, NY, USA, 343-356. https://doi.org/10.1145/2480359.2429111 Google Scholar
Digital Library
- Nobuko Yoshida, Martin Berger, and Kohei Honda. 2004. Strong normalisation in the-calculus. Information and Computation 191, 2 ( 2004 ), 145-202. https://doi.org/10.1016/j.ic. 2003. 08.004 Google Scholar
Digital Library
Index Terms
Transfinite step-indexing for termination
Recommendations
Transfinite Iris: resolving an existential dilemma of step-indexed separation logic
PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and ImplementationStep-indexed separation logic has proven to be a powerful tool for modular reasoning about higher-order stateful programs. However, it has only been used to reason about safety properties, never liveness properties. In this paper, we observe that the ...
Cyclic proofs of program termination in separation logic
POPL '08We propose a novel approach to proving the termination of heap-manipulating programs, which combines separation logic with cyclic proof within a Hoare-style proof system.Judgements in this system express (guaranteed) termination of the program when ...
Cyclic proofs of program termination in separation logic
POPL '08: Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languagesWe propose a novel approach to proving the termination of heap-manipulating programs, which combines separation logic with cyclic proof within a Hoare-style proof system.Judgements in this system express (guaranteed) termination of the program when ...






Comments