Spy game: verifying a local generic solver in Iris

Abstract
We verify the partial correctness of a "local generic solver", that is, an on-demand, incremental, memoizing least fixed point computation algorithm. The verification is carried out in Iris, a modern breed of concurrent separation logic. The specification is simple: the solver computes the optimal least fixed point of a system of monotone equations. Although the solver relies on mutable internal state for memoization and for "spying", a form of dynamic dependency discovery, it is apparently pure: no side effects are mentioned in its specification. As auxiliary contributions, we provide several illustrations of the use of prophecy variables, a novel feature of Iris; we establish a restricted form of the infinitary conjunction rule; and we provide a specification and proof of Longley's modulus function, an archetypical example of spying.
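The following Python block is an added illustration of the ideas the abstract names; it is not code from the paper or from its Coq development. It implements a small demand-driven, memoizing least fixed point solver in which the right-hand side of each equation reads other variables only through a `get` callback, so the solver discovers dependencies dynamically by spying on those calls, and it pairs this with a `modulus` function in Longley's sense that records which points a functional queries its argument at. The solver is a simplified chaotic iteration with dynamic dependency tracking, not the paper's algorithm; the class name `LocalSolver`, the helper names, and the graph used as input are assumptions made for the example. Termination relies on the usual assumptions: a lattice of finite height and monotone right-hand sides.

```python
from typing import Callable, Dict, Hashable, List, Set


class LocalSolver:
    """Demand-driven, memoizing least fixed point solver.

    Simplified chaotic iteration with spied dependencies (an assumption for
    this example, not the paper's algorithm).  The equation system is a single
    function rhs(x, get): it returns a new approximation for variable x and
    may call get(y) to read the current approximation of any variable y.  The
    solver spies on those calls to learn which variables x depends on, so no
    dependency graph has to be declared up front.
    """

    def __init__(self, bottom, join: Callable, leq: Callable, rhs: Callable):
        self.bottom, self.join, self.leq, self.rhs = bottom, join, leq, rhs
        self.value: Dict[Hashable, object] = {}   # memo table: current approximation
        self.stable: Set[Hashable] = set()        # variables whose approximation is up to date
        self.infl: Dict[Hashable, Set] = {}       # y -> variables whose rhs read y (spied)
        self.evaluations = 0                      # number of rhs calls, to observe memoization

    def get(self, x):
        """Return the least solution for x, solving on demand and memoizing."""
        if x not in self.stable:
            self._solve(x)
        return self.value[x]

    def _solve(self, root):
        worklist: List = [root]
        while worklist:
            x = worklist.pop()
            if x in self.stable:
                continue
            self.stable.add(x)
            self.value.setdefault(x, self.bottom)

            def get(y, x=x):
                # Spying: record that x's right-hand side read y, and demand y
                # if it has not been solved yet.  Only variables actually read
                # are ever evaluated, which is what makes the solver "local".
                self.value.setdefault(y, self.bottom)
                self.infl.setdefault(y, set()).add(x)
                if y not in self.stable:
                    worklist.append(y)
                return self.value[y]

            self.evaluations += 1
            new = self.join(self.value[x], self.rhs(x, get))
            if not self.leq(new, self.value[x]):
                # x strictly increased: every variable that read x is stale and
                # must be recomputed.
                self.value[x] = new
                for z in self.infl.get(x, ()):
                    self.stable.discard(z)
                    worklist.append(z)


# Constructed input (an assumption for the example): a graph with the cycle
# a -> b -> c -> a, plus c -> d, a self-loop d -> d, and e -> a.
SUCC = {"a": ["b"], "b": ["c"], "c": ["a", "d"], "d": ["d"], "e": ["a"]}


def reach_rhs(x, get):
    # reach(x) = {x} union reach(y) for every successor y of x; the reads of
    # get(y) are the dependencies the solver spies on.
    result = frozenset([x])
    for y in SUCC.get(x, []):
        result |= get(y)
    return result


def reach_solver() -> LocalSolver:
    """Reachability as a least fixed point over the lattice of node sets."""
    return LocalSolver(bottom=frozenset(), join=frozenset.union,
                       leq=frozenset.issubset, rhs=reach_rhs)


def modulus(F: Callable, f: Callable) -> List:
    """Longley's modulus: the list of arguments at which the functional F
    queries its argument f, discovered by handing F a spying wrapper of f."""
    queried: List = []

    def spy(n):
        queried.append(n)
        return f(n)

    F(spy)
    return queried


def sum_to_three(f: Callable[[int], int]) -> int:
    # Constructed functional: it queries its argument exactly at 0, 1 and 2.
    return f(0) + f(1) + f(2)


if __name__ == "__main__":
    s = reach_solver()
    print(sorted(s.get("a")))        # the nodes reachable from a
    print("e" in s.value)            # False: solving for a never evaluated e
    before = s.evaluations
    s.get("a")                       # memoized: no further rhs evaluations
    print(s.evaluations == before)
    print(modulus(sum_to_three, lambda n: n * n))
```

Demanding `reach('a')` evaluates only the variables reachable from `a`, so `e` is never visited; a second call is answered from the memo table without evaluating any equation, and `modulus` exposes the same spying mechanism in isolation.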
References
- Martin Abadi and Leslie Lamport. 1988. The Existence of Refinement Mappings. In Logic in Computer Science (LICS). 165–175. https://www.microsoft.com/en-us/research/publication/the-existence-of-refinement-mappings/
- Kalmer Apinis, Helmut Seidl, and Vesal Vojdani. 2016. Enhancing Top-Down Solving with Widening and Narrowing. In Semantics, Logics, and Calculi – Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays (Lecture Notes in Computer Science), Vol. 9560. Springer, 272–288. http://kodu.ut.ee/~vesal/papers/Apinis_2015_ETS.pdf
- Andrej Bauer, Martin Hofmann, and Aleksandr Karbyshev. 2013. On Monadic Parametricity of Second-Order Functionals. In Foundations of Software Science and Computation Structures (FOSSACS) (Lecture Notes in Computer Science), Vol. 7794. Springer, 225–240. https://www.tcs.ifi.lmu.de/mitarbeiter/martin-hofmann/publikationen-pdfs/c69-onmonadicparametricityof2orderfunction.pdf
- Frédéric Besson, David Cachera, Thomas P. Jensen, and David Pichardie. 2009. Certified Static Analysis by Abstract Interpretation. In Foundations of Security Analysis and Design (Lecture Notes in Computer Science), Vol. 5705. Springer, 223–257. https://people.irisa.fr/David.Pichardie/papers/fosad09.pdf
- David Cachera and David Pichardie. 2010. A Certified Denotational Abstract Interpreter. In Interactive Theorem Proving (ITP) (Lecture Notes in Computer Science), Vol. 6172. Springer, 9–24. https://hal.inria.fr/inria-00537810/
- Arthur Charguéraud. 2010a. Characteristic Formulae for Mechanized Program Verification. Ph.D. Dissertation. Université Paris 7. http://www.chargueraud.org/research/2010/thesis/thesis_final.pdf
- Arthur Charguéraud. 2010b. The Optimal Fixed Point Combinator. In Interactive Theorem Proving (ITP) (Lecture Notes in Computer Science), Vol. 6172. Springer, 195–210. http://www.chargueraud.org/research/2010/fix/fix.pdf
- Patrick Cousot and Radhia Cousot. 1977. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Principles of Programming Languages (POPL). 238–252. http://www.di.ens.fr/~cousot/publications.www/CousotCousot-POPL-77-ACM-p238--252-1977.pdf
- Paulo Emílio de Vilhena, Jacques-Henri Jourdan, and François Pottier. 2020. Coq proofs for “Spy game”. https://gitlab.inria.fr/pdevilhe/spy-game
- Christian Fecht and Helmut Seidl. 1999. A Faster Solver for General Systems of Equations. Science of Computer Programming 35, 2–3 (1999), 137–162. http://www2.in.tum.de/~seidl/papers/final-solver.ps.gz
- R. W. Floyd. 1967. Assigning meanings to programs. In Mathematical Aspects of Computer Science (Proceedings of Symposia in Applied Mathematics), Vol. 19. American Mathematical Society, 19–32. https://people.eecs.berkeley.edu/~necula/Papers/FloydMeaning.pdf
- Alexey Gotsman, Josh Berdine, Byron Cook, Noam Rinetzky, and Mooly Sagiv. 2007. Local Reasoning for Storable Locks and Threads. In Asian Symposium on Programming Languages and Systems (APLAS) (Lecture Notes in Computer Science), Vol. 4807. Springer, 19–37.
- Aquinas Hobor, Andrew W. Appel, and Francesco Zappa Nardelli. 2008. Oracle Semantics for Concurrent Separation Logic. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science), Vol. 4960. Springer, 353–367. http://www.cs.princeton.edu/~appel/papers/concurrent.pdf
- Martin Hofmann, Aleksandr Karbyshev, and Helmut Seidl. 2010a. Verifying a Local Generic Solver in Coq. In Static Analysis Symposium (SAS) (Lecture Notes in Computer Science), Vol. 6337. Springer, 340–355. http://goblint.in.tum.de/papers/coq.pdf
- Martin Hofmann, Aleksandr Karbyshev, and Helmut Seidl. 2010b. What Is a Pure Functional? In International Colloquium on Automata, Languages and Programming (Lecture Notes in Computer Science), Vol. 6199. Springer, 199–210. http://www2.in.tum.de/bib/files/Hofmann10Pure.pdf
- Jacques-Henri Jourdan. 2016. Verasco: a Formally Verified C Static Analyzer. Ph.D. Dissertation. Université Paris Diderot. https://jhjourdan.mketjh.fr/thesis_jhjourdan.pdf
- Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming 28 (2018), e20. https://people.mpi-sws.org/~dreyer/papers/iris-ground-up/paper.pdf
- Ralf Jung, Rodolphe Lepigre, Gaurav Parthasarathy, Marianna Rapoport, Amin Timany, Derek Dreyer, and Bart Jacobs. 2020. The Future is Ours: Prophecy Variables in Separation Logic. Proceedings of the ACM on Programming Languages POPL (2020).
- John B. Kam and Jeffrey D. Ullman. 1976. Global Data Flow Analysis and Iterative Algorithms. Journal of the ACM 23, 1 (1976), 158–171.
- Aleksandr Karbyshev. 2013. Monadic Parametricity of Second-Order Functionals. Ph.D. Dissertation. Technische Universität München. http://mediatum.ub.tum.de/node?id=1144371
- Gary A. Kildall. 1973. A unified approach to global program optimization. In Principles of Programming Languages (POPL). 194–206.
- Baudouin Le Charlier and Pascal Van Hentenryck. 1992. A Universal Top-Down Fixpoint Algorithm. Technical Report CS-92-25. Brown University. ftp://ftp.cs.brown.edu/pub/techreports/92/cs92-25.ps.gz
- John Longley. 1999. When is a Functional Program Not a Functional Program? In International Conference on Functional Programming (ICFP). 1–7.
- Magnus Madsen, Ming-Ho Yee, and Ondrej Lhoták. 2016. From Datalog to Flix: a declarative language for fixed points on lattices. In Programming Language Design and Implementation (PLDI). 194–208. https://plg.uwaterloo.ca/~olhotak/pubs/pldi16.pdf
- K. Muthukumar and M. V. Hermenegildo. 1990. Deriving A Fixpoint Computation Algorithm for Top-down Abstract Interpretation of Logic Programs. Technical Report ACT-DC-153-90. Microelectronics and Computer Technology Corporation. http://oa.upm.es/15292/1/HERME_TCREP_ANDMANS_1990-1.pdf
- Glen Mével, Jacques-Henri Jourdan, and François Pottier. 2019. Time credits and time receipts in Iris. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science), Luis Caires (Ed.), Vol. 11423. Springer, 1–27. http://gallium.inria.fr/~fpottier/publis/mevel-jourdan-pottier-time-in-iris-2019.pdf
- Peter W. O’Hearn. 2007. Resources, Concurrency and Local Reasoning. Theoretical Computer Science 375, 1–3 (2007), 271–307. http://www.cs.ucl.ac.uk/staff/p.ohearn/papers/concurrency.pdf
- David Pichardie. 2008. Building Certified Static Analysers by Modular Construction of Well-founded Lattices. Electronic Notes in Theoretical Computer Science 212 (2008), 225–239.
- François Pottier. 2009. Lazy Least Fixed Points in ML. Unpublished. http://gallium.inria.fr/~fpottier/publis/fpottier-fix.pdf
- François Pottier. 2019. Fix. https://gitlab.inria.fr/fpottier/fix
- Helmut Seidl and Ralf Vogler. 2018. Three Improvements to the Top-Down Solver. In Principles and Practice of Declarative Programming (PPDP). 21:1–21:14.
- Helmut Seidl, Reinhard Wilhelm, and Sebastian Hack. 2012. Compiler Design: Analysis and Transformation. Springer.
- Bart Vergauwen, J. Wauman, and Johan Lewi. 1994. Efficient fixpoint computation. In Static Analysis Symposium (SAS) (Lecture Notes in Computer Science), Vol. 864. Springer, 314–328.