skip to main content

Conditional Contextual Refinement

Published:11 January 2023Publication History
Skip Abstract Section

Abstract

Much work in formal verification of low-level systems is based on one of two approaches: refinement or separation logic. These two approaches have complementary benefits: refinement supports the use of programs as specifications, as well as transitive composition of proofs, whereas separation logic supports conditional specifications, as well as modular ownership reasoning about shared state. A number of verification frameworks employ these techniques in tandem, but in all such cases the benefits of the two techniques remain separate. For example, in frameworks that use relational separation logic to prove contextual refinement, the relational separation logic judgment does not support transitive composition of proofs, while the contextual refinement judgment does not support conditional specifications. In this paper, we propose Conditional Contextual Refinement (or CCR, for short), the first verification system to not only combine refinement and separation logic in a single framework but also to truly marry them together into a unified mechanism enjoying all the benefits of refinement and separation logic simultaneously. Specifically, unlike in prior work, CCR’s refinement specifications are both conditional (with separation logic pre- and post-conditions) and transitively composable. We implement CCR in Coq and evaluate its effectiveness on a range of interesting examples.

References

  1. Andrew W. Appel. 2014. Program Logics for Certified Compilers. Cambridge University Press. https://www.cambridge.org/de/academic/subjects/computer-science/programming-languages-and-applied-logic/program-logics-certified-compilers Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. R.J.R. Back. 1981. On correct refinement of programs. J. Comput. System Sci., 23, 1 (1981), 49–68. issn:0022-0000 https://doi.org/10.1016/0022-0000(81)90005-2 Google ScholarGoogle ScholarCross RefCross Ref
  3. Ralph-Johan Back and Joakim Wright. 2012. Refinement calculus: a systematic introduction. Springer Science & Business Media. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Nick Benton. 2004. Simple Relational Correctness Proofs for Static Analyses and Program Transformations. In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’04). Association for Computing Machinery, New York, NY, USA. 14–25. isbn:158113729X https://doi.org/10.1145/964001.964003 Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Lars Birkedal and Aleš Bizjak. 2020. Lecture notes on iris: Higher-order concurrent separation logic. https://iris-project.org/tutorial-material.html Google ScholarGoogle Scholar
  6. Arthur Charguéraud. 2020. Separation Logic for Sequential Programs (Functional Pearl). Proc. ACM Program. Lang., 4, ICFP (2020), Article 116, aug, 34 pages. https://doi.org/10.1145/3408998 Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Derek Dreyer, Georg Neis, Andreas Rossberg, and Lars Birkedal. 2010. A Relational Modal Logic for Higher-Order Stateful ADTs. In Proceedings of the 37th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. https://doi.org/10.1145/1706299.1706323 Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2018. ReLoC: A mechanised relational logic for fine-grained concurrency. In Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science. 442–451. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2021. ReLoC Reloaded: A Mechanized Relational Logic for Fine-Grained Concurrency and Logical Atomicity. Log. Methods Comput. Sci., 17, 3 (2021), https://doi.org/10.46298/lmcs-17(3:9)2021 Google ScholarGoogle ScholarCross RefCross Ref
  10. Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2021. ReLoC Reloaded: A Mechanized Relational Logic for Fine-Grained Concurrency and Logical Atomicity. Logical Methods in Computer Science, Volume 17, Issue 3 (2021), Jul, issn:1860-5974 https://doi.org/10.46298/lmcs-17(3:9)2021 Google ScholarGoogle ScholarCross RefCross Ref
  11. Lennard Gäher, Michael Sammler, Simon Spies, Ralf Jung, Hoang-Hai Dang, Robbert Krebbers, Jeehoon Kang, and Derek Dreyer. 2022. Simuliris: a separation logic framework for verifying concurrent program optimizations. Proc. ACM Program. Lang., 6, POPL (2022), 1–31. https://doi.org/10.1145/3498689 Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Liang Gu, Alexander Vaynberg, Bryan Ford, Zhong Shao, and David Costanzo. 2011. CertiKOS: A Certified Kernel for Secure Cloud Computing. In Proceedings of the 2nd ACM SIGOPS Asia-Pacific Workshop on Systems (APSys 2011). Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan (Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep Specifications and Certified Abstraction Layers. In Proceedings of the 42nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2015). Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Ronghui Gu, Zhong Shao, Hao Chen, Xiongnan Wu, Jieung Kim, Vilhelm Sjöberg, and David Costanzo. 2016. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2016). Google ScholarGoogle Scholar
  15. Chung-Kil Hur, Derek Dreyer, Georg Neis, and Viktor Vafeiadis. 2012. The Marriage of Bisimulations and Kripke Logical Relations. In Proceedings of the 39th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2012). Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Chung-Kil Hur, Georg Neis, Derek Dreyer, and Viktor Vafeiadis. 2013. The Power of Parameterization in Coinductive Proof. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’13). Association for Computing Machinery, New York, NY, USA. 193–206. isbn:9781450318327 https://doi.org/10.1145/2429069.2429093 Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming, 28 (2018), e20. https://doi.org/10.1017/S0956796818000151 Google ScholarGoogle ScholarCross RefCross Ref
  18. Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. https://doi.org/10.1145/2676726.2676980 Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2009. seL4: Formal verification of an OS kernel. In SOSP. ACM, 207–220. https://doi.org/10.1145/1629575.1629596 Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Thomas Kleymann. 1999. Hoare Logic and Auxiliary Variables. Form. Asp. Comput., 11, 5 (1999), dec, 541–566. https://doi.org/10.1007/s001650050057 Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Jérémie Koenig. 2020. Refinement-Based Game Semantics for Certified Components. https://flint.cs.yale.edu/flint/publications/koenig-phd.pdf Google ScholarGoogle Scholar
  22. Jérémie Koenig and Zhong Shao. 2020. Refinement-Based Game Semantics for Certified Abstraction Layers. In Proceedings of the 35th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS ’20). Association for Computing Machinery, New York, NY, USA. 633–647. isbn:9781450371049 https://doi.org/10.1145/3373718.3394799 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017. Interactive Proofs in Higher-Order Concurrent Separation Logic. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2017). Association for Computing Machinery, New York, NY, USA. 205–217. isbn:9781450346603 https://doi.org/10.1145/3009837.3009855 Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Xavier Leroy. 2006. Formal Certification of a Compiler Back-end or: Programming a Compiler with a Proof Assistant. In Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2006). Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Shih-Wei Li, Xupeng Li, Ronghui Gu, Jason Nieh, and John Zhuang Hui. 2021. A Secure and Formally Verified Linux KVM Hypervisor. In IEEE Symposium on Security and Privacy. IEEE, 1782–1799. https://doi.org/10.1109/SP40001.2021.00049 Google ScholarGoogle ScholarCross RefCross Ref
  26. Hongjin Liang and Xinyu Feng. 2016. A program logic for concurrent objects under fair scheduling. In POPL. 385–399. https://doi.org/10.1145/2837614.2837635 Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Jacob R Lorch, Yixuan Chen, Manos Kapritsos, Bryan Parno, Shaz Qadeer, Upamanyu Sharma, James R Wilcox, and Xueyuan Zhao. 2020. Armada: low-effort verification of high-performance concurrent programs. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. 197–210. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. John C Reynolds. 2002. Separation logic: A logic for shared mutable data structures. In Proceedings 17th Annual IEEE Symposium on Logic in Computer Science. 55–74. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Thomas Schreiber. 1997. Auxiliary Variables and Recursive Procedures. In Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development (TAPSOFT ’97). Springer-Verlag, Berlin, Heidelberg. 697–711. isbn:3540627812 Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Youngju Song, Minki Cho, Dongjoo Kim, Yonghyun Kim, Jeehoon Kang, and Chung-Kil Hur. 2019. CompCertM: CompCert with C-Assembly Linking and Lightweight Modular Verification. Proc. ACM Program. Lang., 4, POPL (2019), Article 23, Dec., 31 pages. https://doi.org/10.1145/3371091 Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Youngju Song, Minki Cho, Dongjae Lee, Chung-Kil Hur, Michael Sammler, and Derek Dreyer. 2022. CCR: Technical documentation and Coq development.. https://sf.snu.ac.kr/ccr/ Google ScholarGoogle Scholar
  32. Aaron Turon, Derek Dreyer, and Lars Birkedal. 2013. Unifying refinement and Hoare-style reasoning in a logic for higher-order concurrency. In Proceedings of the 18th ACM SIGPLAN international conference on Functional programming. 377–390. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Li-yao Xia, Yannick Zakowski, Paul He, Chung-Kil Hur, Gregory Malecha, Benjamin C. Pierce, and Steve Zdancewic. 2019. Interaction Trees: Representing Recursive and Impure Programs in Coq. Proc. ACM Program. Lang., 4, POPL (2019), Article 51, Dec., 32 pages. https://doi.org/10.1145/3371119 Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Hongseok Yang. 2007. Relational separation logic. Theor. Comput. Sci., 375, 1-3 (2007), 308–334. https://doi.org/10.1016/j.tcs.2006.12.036 Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Conditional Contextual Refinement

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!