skip to main content

Steel: proof-oriented programming in a dependently typed concurrent separation logic

Published:19 August 2021Publication History
Skip Abstract Section

Abstract

Steel is a language for developing and proving concurrent programs embedded in F, a dependently typed programming language and proof assistant. Based on SteelCore, a concurrent separation logic (CSL) formalized in F, our work focuses on exposing the proof rules of the logic in a form that enables programs and proofs to be effectively co-developed.

Our main contributions include a new formulation of a Hoare logic of quintuples involving both separation logic and first-order logic, enabling efficient verification condition (VC) generation and proof discharge using a combination of tactics and SMT solving. We relate the VCs produced by our quintuple system to solving a system of associativity-commutativity (AC) unification constraints and develop tactics to (partially) solve these constraints using AC-matching modulo SMT-dischargeable equations.

Our system is fully mechanized and implemented in F. We evaluate it by developing several verified programs and libraries, including various sequential and concurrent linked data structures, proof libraries, and a library for 2-party session types. Our experience leads us to conclude that our system enables a mixture of automated and interactive proof, making it productive to build programs foundationally verified against a highly expressive, state-of-the-art CSL.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

This is a presentation video of the ICFP 21 talk about the paper "Steel: Proof-Oriented Programming in a Dependently Typed Concurrent Separation Logic"

3473590.mp4

Presentation Videos

References

  1. Andrew W. Appel. 2011. Verified Software Toolchain. In Proceedings of the 20th European Conference on Programming Languages and Systems: Part of the Joint European Conferences on Theory and Practice of Software (ESOP’11/ETAPS’11). Springer-Verlag, Berlin, Heidelberg. 1–17. isbn:9783642197178Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Josh Berdine, Cristiano Calcagno, and Peter W. O’hearn. 2005. Smallfoot: Modular automatic assertion checking with separation logic. In In International Symposium on Formal Methods for Components and Objects. Springer, 115–137.Google ScholarGoogle Scholar
  3. Edwin Brady. 2016. Type-driven Development With Idris. Manning. isbn:9781617293023 http://www.worldcat.org/isbn/9781617293023Google ScholarGoogle Scholar
  4. James Brotherston, Nikos Gorogiannis, and Rasmus L. Petersen. 2012. A Generic Cyclic Theorem Prover. In Programming Languages and Systems, Ranjit Jhala and Atsushi Igarashi (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 350–367.Google ScholarGoogle Scholar
  5. Arthur Charguéraud. 2011. Characteristic Formulae for the Verification of Imperative Programs. In Proceedings of the 16th ACM SIGPLAN International Conference on Functional Programming (ICFP ’11). ACM, New York, NY, USA. 418–430. isbn:978-1-4503-0865-6 https://doi.org/10.1145/2034773.2034828 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Adam Chlipala. 2011. Mostly-Automated Verification of Low-Level Programs in Computational Separation Logic. Association for Computing Machinery, New York, NY, USA. isbn:9781450306638 https://doi.org/10.1145/1993498.1993526 Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Leonardo Mendonça de Moura and Nikolaj Bjørner. 2008. Z3: An Efficient SMT Solver. In 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS (Lecture Notes in Computer Science, Vol. 4963). Springer, 337–340. isbn:978-3-540-78799-0 https://doi.org/10.1007/978-3-540-78800-3_24 Google ScholarGoogle Scholar
  8. Gabriel Ebner, Sebastian Ullrich, Jared Roesch, Jeremy Avigad, and Leonardo de Moura. 2017. A Metaprogramming Framework for Formal Verification. Proc. ACM Program. Lang., 1, ICFP (2017), Article 34, Aug., 29 pages. https://doi.org/10.1145/3110278 Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. François Fages. 1984. Associative-Commutative Unification. In 7th International Conference on Automated Deduction, R. E. Shostak (Ed.). Springer New York, New York, NY. 194–208.Google ScholarGoogle Scholar
  10. Georges Gonthier, Assia Mahboubi, and Enrico Tassi. 2016. A Small Scale Reflection Extension for the Coq system. Inria Saclay Ile de France. https://hal.inria.fr/inria-00258384Google ScholarGoogle Scholar
  11. Jonas Kastberg Hinrichsen, Jesper Bengtson, and Robbert Krebbers. 2019. Actris: Session-Type Based Reasoning in Separation Logic. Proc. ACM Program. Lang., 4, POPL (2019), Article 6, Dec., 30 pages. https://doi.org/10.1145/3371074 Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Aquinas Hobor and Jules Villard. 2013. The Ramifications of Sharing in Data Structures. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’13). Association for Computing Machinery, New York, NY, USA. 523–536. isbn:9781450318327 https://doi.org/10.1145/2429069.2429131 Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Radu Iosif, Adam Rogalewicz, and Tomáš Vojnar. 2014. Deciding Entailments in Inductive Separation Logic with Tree Automata. In Automated Technology for Verification and Analysis, Franck Cassez and Jean-François Raskin (Eds.). Springer International Publishing, Cham. 201–218.Google ScholarGoogle Scholar
  14. Samin S. Ishtiaq and Peter W. O’Hearn. 2001. BI as an Assertion Language for Mutable Data Structures. In Conference Record of POPL 2001: The 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, London, UK, January 17-19, 2001, Chris Hankin and Dave Schmidt (Eds.). ACM, 14–26. isbn:1-58113-336-7 http://dl.acm.org/citation.cfm?id=360204Google ScholarGoogle Scholar
  15. Bart Jacobs, Jan Smans, Pieter Philippaerts, Frédéric Vogels, Willem Penninckx, and Frank Piessens. 2011. VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java. In NASA Formal Methods.Google ScholarGoogle Scholar
  16. Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. J. Funct. Program., 28 (2018), e20. https://doi.org/10.1017/S0956796818000151 Google ScholarGoogle ScholarCross RefCross Ref
  17. Deepak Kapur and Paliath Narendran. 1987. Matching, Unification and Complexity. SIGSAM Bull., 21, 4 (1987), Nov., 6–9. issn:0163-5824 https://doi.org/10.1145/36330.36332 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. K. Rustan M. Leino. 2010. Dafny: An Automatic Program Verifier for Functional Correctness. In Proceedings of the 16th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR’10). Springer-Verlag, Berlin, Heidelberg. 348–370. isbn:3-642-17510-4, 978-3-642-17510-7 http://dl.acm.org/citation.cfm?id=1939141.1939161Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. K. Rustan M. Leino and Michał Moskal. 2010. Usable Auto-Active Verification.Google ScholarGoogle Scholar
  20. K. R. M. Leino, P. Müller, and J. Smans. 2009. Verification of Concurrent Programs with Chalice. In Foundations of Security Analysis and Design V, A. Aldini, G. Barthe, and R. Gorrieri (Eds.) (Lecture Notes in Computer Science, Vol. 5705). Springer-Verlag, 195–222.Google ScholarGoogle Scholar
  21. Guido Martínez, Danel Ahman, Victor Dumitrescu, Nick Giannarakis, Chris Hawblitzel, Cătălin Hriţcu, Monal Narasimhamurthy, Zoe Paraskevopoulou, Clément Pit-Claudel, Jonathan Protzenko, Tahina Ramananandro, Aseem Rastogi, and Nikhil Swamy. 2019. Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms. In 28th European Symposium on Programming (ESOP). Springer, 30–59. https://doi.org/10.1007/978-3-030-17184-1_2 Google ScholarGoogle ScholarCross RefCross Ref
  22. Maged M. Michael and Michael L. Scott. 1996. Simple, Fast, and Practical Non-Blocking and Blocking Concurrent Queue Algorithms. In Proceedings of the Fifteenth Annual ACM Symposium on Principles of Distributed Computing (PODC ’96). Association for Computing Machinery, New York, NY, USA. 267–275. isbn:0897918002 https://doi.org/10.1145/248052.248106 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. P. Müller, M. Schwerhoff, and A. J. Summers. 2016. Viper: A Verification Infrastructure for Permission-Based Reasoning. In Verification, Model Checking, and Abstract Interpretation (VMCAI), B. Jobstmann and K. R. M. Leino (Eds.) (LNCS, Vol. 9583). Springer-Verlag, 41–62.Google ScholarGoogle Scholar
  24. Aleksandar Nanevski, Anindya Banerjee, Germán Andrés Delbianco, and Ignacio Fábregas. 2019. Specifying concurrent programs in separation logic: morphisms and simulations. PACMPL, 3, OOPSLA (2019), 161:1–161:30. https://doi.org/10.1145/3360587 Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Aleksandar Nanevski, J. Gregory Morrisett, and Lars Birkedal. 2008. Hoare type theory, polymorphism and separation. J. Funct. Program., 18, 5-6 (2008), 865–911. http://ynot.cs.harvard.edu/papers/jfpsep07.pdfGoogle ScholarGoogle ScholarDigital LibraryDigital Library
  26. Greg Nelson and Derek C. Oppen. 1979. Simplification by Cooperating Decision Procedures. ACM Trans. Program. Lang. Syst., 1, 2 (1979), Oct., 245–257. issn:0164-0925 https://doi.org/10.1145/357073.357079 Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Peter W. O’Hearn. 2004. Resources, Concurrency and Local Reasoning. In CONCUR 2004 - Concurrency Theory, Philippa Gardner and Nobuko Yoshida (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 49–67. isbn:978-3-540-28644-8Google ScholarGoogle Scholar
  28. Susan Owicki and David Gries. 1976. Verifying Properties of Parallel Programs: An Axiomatic Approach. Commun. ACM.Google ScholarGoogle Scholar
  29. M. J. Parkinson and A. J. Summers. 2012. The Relationship Between Separation Logic and Implicit Dynamic Frames. Logical Methods in Computer Science, 8, 3:01 (2012), 1–54.Google ScholarGoogle ScholarCross RefCross Ref
  30. Aseem Rastogi, Guido Martínez, Aymeric Fromherz, Tahina Ramananandro, and Nikhil Swamy. 2020. Layered Indexed Effects: Foundations and Applications of Effectful Dependently Typed Programming. https://www.fstar-lang.org/papers/layeredeffects/ In submission.Google ScholarGoogle Scholar
  31. John C. Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS ’02). IEEE Computer Society, USA. 55–74. isbn:0769514839Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. M. Sammler, R. Lepigre, R. Krebbers, K. Memarian, D. Dreyer, and D. Garg. 2021. RefinedC: Automating the Foundational Verification of C Code with Refined Ownership Types. In to appear in Programming Languages Design and Implementation (PLDI). ACM.Google ScholarGoogle Scholar
  33. Nikhil Swamy, Cătălin Hriţcu, Chantal Keller, Aseem Rastogi, Antoine Delignat-Lavaud, Simon Forest, Karthikeyan Bhargavan, Cédric Fournet, Pierre-Yves Strub, Markulf Kohlweiss, Jean-Karim Zinzindohoué, and Santiago Zanella-Béguelin. 2016. Dependent Types and Multi-Monadic Effects in F*. In 43rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL). ACM, 256–270. isbn:978-1-4503-3549-2 https://www.fstar-lang.org/papers/mumon/Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Nikhil Swamy, Aseem Rastogi, Aymeric Fromherz, Denis Merigoux, Danel Ahman, and Guido Martínez. 2020. SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependently Typed Programs. Proc. ACM Program. Lang., 4, ICFP (2020), Article 121, Aug., 30 pages. https://doi.org/10.1145/3409003 Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Nikhil Swamy, Joel Weinberger, Cole Schlesinger, Juan Chen, and Benjamin Livshits. 2013. Verifying Higher-order Programs with the Dijkstra Monad. In Proceedings of the 34th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI ’13). 387–398. https://www.microsoft.com/en-us/research/publication/verifying-higher-order-programs-with-the-dijkstra-monad/Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Simon Friis Vindum and Lars Birkedal. 2021. Contextual Refinement of the Michael-Scott Queue (Proof Pearl). In Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP 2021). Association for Computing Machinery, New York, NY, USA. 76–90. isbn:9781450382991 https://doi.org/10.1145/3437992.3439930 Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Hongseok Yang, Oukseh Lee, Josh Berdine, Cristiano Calcagno, Byron Cook, and Dino Distefano. 2008. Scalable shape analysis for systems code. In In CAV.Google ScholarGoogle Scholar

Index Terms

  1. Steel: proof-oriented programming in a dependently typed concurrent separation logic

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!