mechanized proofs in higher order separation logic
play

Mechanized proofs in higher-order separation logic Robbert Krebbers - PowerPoint PPT Presentation

Jan 03, 2023 •8 likes •978 views

Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of Technology, The Netherlands February 5, 2019 @ Vrije Universiteit, Amsterdam, The Netherlands 1 Tactic-style proofs (as in LCF/Coq/HOL/ etc. ) have shown to

  1. Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of Technology, The Netherlands February 5, 2019 @ Vrije Universiteit, Amsterdam, The Netherlands 1

  2. Tactic-style proofs (as in LCF/Coq/HOL/ etc. ) have shown to be effective in large-scale proof developments (CompCert, Four color, Feit-Thompson, Kepler, . . . ) 2

  3. Basic example of tactic-style proofs in Coq Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . Proof . intros [H1 [H2 H3]]. destruct H2 as [x H2]. split. - assumption. - exists x. auto. Qed. 3

  4. Basic example of tactic-style proofs in Coq 1 subgoal Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : A : Type P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . P , Q : Prop Proof . Ψ : A → Prop intros [H1 [H2 H3]]. H1 : P destruct H2 as [x H2]. H2 : ∃ a : A , Ψ a split. H3 : Q - assumption. (1/1) - exists x. Q ∧ ( ∃ a : A , P ∧ Ψ a ) auto. Qed. 3

  5. Basic example of tactic-style proofs in Coq 1 subgoal Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : A : Type P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . P , Q : Prop Proof . Context Ψ : A → Prop intros [H1 [H2 H3]]. H1 : P destruct H2 as [x H2]. H2 : ∃ a : A , Ψ a split. H3 : Q - assumption. (1/1) Goal - exists x. Q ∧ ( ∃ a : A , P ∧ Ψ a ) auto. Qed. 3

  6. Basic example of tactic-style proofs in Coq 1 subgoal Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : A : Type P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . P , Q : Prop Proof . Ψ : A → Prop intros [H1 [H2 H3]]. H1 : P destruct H2 as [x H2]. H2 : ∃ a : A , Ψ a split. H3 : Q - assumption. (1/1) - exists x. Q ∧ ( ∃ a : A , P ∧ Ψ a ) auto. Qed. 3

  7. Basic example of tactic-style proofs in Coq 1 subgoal Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : A : Type P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . P , Q : Prop Proof . Ψ : A → Prop intros [H1 [H2 H3]]. H1 : P destruct H2 as [x H2]. x : A split. H2 : Ψ x - assumption. H3 : Q - exists x. (1/1) Q ∧ ( ∃ a : A , P ∧ Ψ a ) auto. Qed. 3

  8. Basic example of tactic-style proofs in Coq 1 subgoal Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : A : Type P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . P , Q : Prop Proof . Ψ : A → Prop intros [H1 [H2 H3]]. H1 : P destruct H2 as [x H2]. x : A split. H2 : Ψ x - assumption. H3 : Q - exists x. (1/1) Q ∧ ( ∃ a : A , P ∧ Ψ a ) auto. Qed. 3

  9. Basic example of tactic-style proofs in Coq 2 subgoals Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : A : Type P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . P , Q : Prop Proof . Ψ : A → Prop intros [H1 [H2 H3]]. H1 : P destruct H2 as [x H2]. x : A split. H2 : Ψ x - assumption. H3 : Q - exists x. (1/2) Q auto. (2/2) Qed. ∃ a : A , P ∧ Ψ a 3

  10. Basic example of tactic-style proofs in Coq No more subgoals . Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . Proof . intros [H1 [H2 H3]]. destruct H2 as [x H2]. split. - assumption. - exists x. auto. Qed. 3

  11. Basic example of tactic-style proofs in Coq Lemma test { A } ( P Q : Prop ) (Ψ : A → Prop ) : P ∧ ( ∃ a , Ψ a ) ∧ Q → Q ∧ ∃ a , P ∧ Ψ a . Proof . intros [H1 [H2 H3]]. by firstorder (* automate this *). Qed. Scales in practice ◮ High-level tactics for arithmetic, Prolog-style search, algebra, . . . ◮ Compact syntax for combining tactics (ssreflect) ◮ Tactic programming (using ML, Ltac, . . . ) 3

  12. Tactic-style proofs for other logics, like separation logic 4

  13. Separation logic [O’Hearn, Reynolds, Yang; CSL’01] Propositions P , Q denote ownership of resources Separating conjunction P ∗ Q : The resources consists of separate parts satisfying P and Q Basic example: { x �→ v 1 ∗ y �→ v 2 } swap ( x , y ) { x �→ v 2 ∗ y �→ v 1 } the ∗ ensures that x and y are different memory locations 5

  14. Why is separation logic useful? Separation logic is very useful: ◮ It provides a high level of modularity ◮ It scales to fancy PL features like concurrency Just in Coq, there is an ever growing collection of separation logics: ◮ Bedrock ◮ CFML ◮ Charge! ◮ CHL ⊣⊢ * ◮ FCSL ◮ Iris ◮ VST ◮ . . . 6

  15. Problem: Cannot reuse the tactics/context of the proof assistant when reasoning in an embedded logic like separation logic 7

  16. Goal of this talk Enable tactic-style proofs in separation logic ◮ Extend Coq with named proof contexts for separation logic ◮ Tactics for introduction and elimination of all connectives of separation logic . . . ◮ . . . that can be used in Coq’s mechanisms for automation/tactic programming ◮ Implemented without modifying Coq (using reflection, type classes and Ltac) ⊣⊢ * 8

Recommend

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2 Lars Birkedal 3 1 Delft University of Technology, The Netherlands 2 imec-Distrinet, KU Leuven, Belgium 3 Aarhus University, Denmark January 18, 2017 @

953 views • 71 slides
Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands June 12, 2017 @ MFPS, Ljubljana, Slovenia 1 Iris is joint work with: Ralf Jung, Jacques-Henri

1.16k views • 87 slides
Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics

Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics

Charge! a framework for higher-order separation logic in Coq Lars Birkedal Logic and Semantics Group Dept. of Comp. Science, Aarhus University (Joint work with J. Bengtson, J.B. Jensen, H. Mehnert, P . Sestoft, F . Sieczkowski) April 2013

499 views • 34 slides
Higher-Order Concurrent Separation Logic: Why and How Lars Birkedal Aarhus University Nijmegen,

Higher-Order Concurrent Separation Logic: Why and How Lars Birkedal Aarhus University Nijmegen,

Higher-Order Concurrent Separation Logic: Why and How Lars Birkedal Aarhus University Nijmegen, Netherlands Dec, 2015 Modular Reasoning about Higher-Order Concurrent Imperative Programs 1 / 33 Introduction Goal Program logics for

1.02k views • 63 slides
A Simple Model of Separation Logic for Higher-order Store Lars Birkedal IT University of

A Simple Model of Separation Logic for Higher-order Store Lars Birkedal IT University of

A Simple Model of Separation Logic for Higher-order Store Lars Birkedal IT University of Copenhagen Joint work with B. Reus, J. Schwinghammer, H. Yang July, 2008 Lars Birkedal (ITU) Sep. Logic for Higher-order Store ICALP 1 / 20

457 views • 20 slides
Why higher-order logic? Higher-Order logic Expressive Mathematics Verification

Why higher-order logic? Higher-Order logic Expressive Mathematics Verification

Extending SMT solvers to higher-order logic Haniel Barbosa Andrew Reynolds Daniel El Ouraoui Clark Barrett Cesare Tinelli SMT 2019 20190707, Lisbon, PT To be published in the proceedings of CADE 2019 Why higher-order logic?

569 views • 25 slides
Semantics and A utomation of Higher-Order Logic Some Remarks Christoph Benzm uller

Semantics and A utomation of Higher-Order Logic Some Remarks Christoph Benzm uller

Semantics and A utomation of Higher-Order Logic Some Remarks Christoph Benzm uller Department of Computer Science, Saarland University Workshop on Logic, Proofs and Programs 17 18 June 2004, Nancy First-order Logic c

607 views • 42 slides
Iris: a framework for higher-order concurrent separation logic in Coq Robbert Krebbers 1 Delft

Iris: a framework for higher-order concurrent separation logic in Coq Robbert Krebbers 1 Delft

Iris: a framework for higher-order concurrent separation logic in Coq Robbert Krebbers 1 Delft University of Technology, The Netherlands January 15, 2017 @ TTT, Paris, France 1 Iris is joint work with: Ralf Jung, Jacques-Hendri Jourdan, Ale s

1.49k views • 124 slides
Verifying a hash table and its iterators in higher-order separation logic Franois Pottier

Verifying a hash table and its iterators in higher-order separation logic Franois Pottier

Verifying a hash table and its iterators in higher-order separation logic Franois Pottier Vocal meeting Paris, November 10, 2016 Motivation Why verify a hash table implementation ? a simple and useful data structure implements an

499 views • 19 slides
Portable Higher Order Logic Proofs Joe Hurd and Rob Arthan Galois, Inc. and Lemma 1 Ltd.

Portable Higher Order Logic Proofs Joe Hurd and Rob Arthan Galois, Inc. and Lemma 1 Ltd.

Introduction Articles of Proof Theories Compressing Articles Summary Portable Higher Order Logic Proofs Joe Hurd and Rob Arthan Galois, Inc. and Lemma 1 Ltd. joe@galois.com and rda@lemma-one.com TEITP Workshop Wednesday 11 August 2010 Joe

565 views • 19 slides
Iron: Managing Obligations in Higher-Order Concurrent Separation Logic s Bizjak 1 Daniel Gratzer 1

Iron: Managing Obligations in Higher-Order Concurrent Separation Logic s Bizjak 1 Daniel Gratzer 1

Iron: Managing Obligations in Higher-Order Concurrent Separation Logic s Bizjak 1 Daniel Gratzer 1 Ale Robbert Krebbers 2 Lars Birkedal 1 1 Aarhus University 2 Delft University of Technology January 17, 2019 POPL 2019

566 views • 38 slides
Program Proofs in Hybrid Separation Logic Armal Guneau & Jules Villard Imperial College

Program Proofs in Hybrid Separation Logic Armal Guneau & Jules Villard Imperial College

I NTRODUCTION T HE copytree EXAMPLE H YBRID S EPARATION L OGIC E XAMPLE PROOFS A UTOMATIC REASONING C ONCLUSION Program Proofs in Hybrid Separation Logic Armal Guneau & Jules Villard Imperial College of London & ENS Lyon 4th

985 views • 51 slides
Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient

Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient

Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient logic is a general higher-order logic. In this talk How define facts about user defined operators How to prove them when automatic techniques

1.08k views • 71 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

1.55k views • 141 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

710 views • 49 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands October 9, 2018 @ Types Meeting, Aarhus, Denmark 1 MoSeL is joint work with Jacques-Henri

1.14k views • 98 slides
Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe and James Brotherston University College London TAPAS, Edinburgh, Wednesday 7 th September 2016 Automatically Proving Termination: Challenges proc

815 views • 57 slides
Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe,

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe,

Automatic Cyclic Termination Proofs for Recursive Procedures in Separation Logic Reuben Rowe, University of Kent, Canterbury James Brotherston, University College London CPP, Paris, France Monday 16 th January 2017 Automatically Proving

741 views • 70 slides
Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat

Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat

Cyclic Proofs of Program Termination in Separation Logic James Brotherston 1 , Richard Bornat 2 , and Cristiano Calcagno 1 1 Imperial College, London 2 Middlesex University, London Me 10 January, 2008 Overview We give a new method for

373 views • 11 slides
Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis

Biabduction (and Related Problems) in Array Separation Logic James Brotherston 1 Nikos Gorogiannis 2 Max Kanovich 1 1 UCL 2 Middlesex University University of Vienna, 14 Mar 2017 1/ 19 Compositional proofs in separation logic (1) Separation

1.14k views • 91 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Masters Thesis Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of Freiburg Department of Computer Science Programming Languages Chair September 1, 2019 Hannes Saffrich Mechanized Type

1.03k views • 39 slides
Proof Engineering of Higher Order Logic Wang) Collaboration, Translation, Checking and Retrieval

Proof Engineering of Higher Order Logic Wang) Collaboration, Translation, Checking and Retrieval

Proof Engineering of Higher Order Logic Robert White (Shuai Proof Engineering of Higher Order Logic Wang) Collaboration, Translation, Checking and Retrieval Introduction Higher Order Logic HOL Kernel Inference Rules Robert White

539 views • 29 slides
Higher Order Proof Engineering Robert White ILLC/INRIA Cool Logic, ILLC 1/23 Higher Order

Higher Order Proof Engineering Robert White ILLC/INRIA Cool Logic, ILLC 1/23 Higher Order

Higher Order Proof Engineering Higher Order Proof Engineering Robert White ILLC/INRIA Cool Logic, ILLC 1/23 Higher Order Proof Engineering Outline Introduction HOL Light and HOL Proof Checking OpenTheory Holide and Dedukti ProofCloud

767 views • 23 slides

More recommend