9,600 research outputs found
Temporary Read-Only Permissions for Separation Logic
International audienceWe present an extension of Separation Logic with a general mechanism for temporarily converting any assertion (or "permission") to a read-only form. No accounting is required: our read-only permissions can be freely duplicated and discarded. We argue that, in circumstances where mutable data structures are temporarily accessed only for reading, our read-only permissions enable more concise specifications and proofs. The metatheory of our proposal is verified in Coq
Leaf: Modularity for Temporary Sharing in Separation Logic (Extended Version)
In concurrent verification, separation logic provides a strong story for
handling both resources that are owned exclusively and resources that are
shared persistently (i.e., forever). However, the situation is more complicated
for temporarily shared state, where state might be shared and then later
reclaimed as exclusive. We believe that a framework for temporarily-shared
state should meet two key goals not adequately met by existing techniques. One,
it should allow and encourage users to verify new sharing strategies. Two, it
should provide an abstraction where users manipulate shared state in a way
agnostic to the means with which it is shared.
We present Leaf, a library in the Iris separation logic which accomplishes
both of these goals by introducing a novel operator, which we call guarding,
that allows one proposition to represent a shared version of another. We
demonstrate that Leaf meets these two goals through a modular case study: we
verify a reader-writer lock that supports shared state, and a hash table built
on top of it that uses shared state
Verification of Snapshotable Trees using Access Permissions and Typestate
Abstract. We use access permissions and typestate to specify and verify a Java library that implements snapshotable search trees, as well as some client code. We formalize our approach in the Plural tool, a sound modular typestate checking tool. We describe the challenges to verifying snapshotable trees in Plural, give an abstract interface specification against which we verify the client code, provide a concrete specification for an implementation and describe proof patterns we found. We also relate this verification approach to other techniques used to verify this data structure.
Verus: Verifying Rust Programs using Linear Ghost Types (extended version)
The Rust programming language provides a powerful type system that checks
linearity and borrowing, allowing code to safely manipulate memory without
garbage collection and making Rust ideal for developing low-level,
high-assurance systems. For such systems, formal verification can be useful to
prove functional correctness properties beyond type safety. This paper presents
Verus, an SMT-based tool for formally verifying Rust programs. With Verus,
programmers express proofs and specifications using the Rust language, allowing
proofs to take advantage of Rust's linear types and borrow checking. We show
how this allows proofs to manipulate linearly typed permissions that let Rust
code safely manipulate memory, pointers, and concurrent resources. Verus
organizes proofs and specifications using a novel mode system that
distinguishes specifications, which are not checked for linearity and
borrowing, from executable code and proofs, which are checked for linearity and
borrowing. We formalize Verus' linearity, borrowing, and modes in a small
lambda calculus, for which we prove type safety and termination of
specifications and proofs. We demonstrate Verus on a series of examples,
including pointer-manipulating code (an xor-based doubly linked list), code
with interior mutability, and concurrent code
- …