8 research outputs found
Verifying object-oriented programs with higher-order separation logic in Coq
We present a shallow Coq embedding of a higher-order separation logic with nested triples for an object-oriented programming language. Moreover, we develop novel specification and proof patterns for reasoning in higher-order separation logic with nested triples about programs that use interfaces and interface inheritance. In particular, we show how to use the higher-order features of the Coq formalisation to specify and reason modularly about programs that (1) depend on some unknown code satisfying a specification or that (2) return objects conforming to a certain specification. All of our results have been formally verified in the interactive theorem prover Coq
Sequent Calculus in the Topos of Trees
Nakano's "later" modality, inspired by G\"{o}del-L\"{o}b provability logic,
has been applied in type systems and program logics to capture guarded
recursion. Birkedal et al modelled this modality via the internal logic of the
topos of trees. We show that the semantics of the propositional fragment of
this logic can be given by linear converse-well-founded intuitionistic Kripke
frames, so this logic is a marriage of the intuitionistic modal logic KM and
the intermediate logic LC. We therefore call this logic
. We give a sound and cut-free complete sequent
calculus for via a strategy that decomposes
implication into its static and irreflexive components. Our calculus provides
deterministic and terminating backward proof-search, yields decidability of the
logic and the coNP-completeness of its validity problem. Our calculus and
decision procedure can be restricted to drop linearity and hence capture KM.Comment: Extended version, with full proof details, of a paper accepted to
FoSSaCS 2015 (this version edited to fix some minor typos
Formalized Verification of Snapshotable Trees: Separation and Sharing
Abstract. We use separation logic to specify and verify a Java program that implements snapshotable search trees, fully formalizing the specification and verification in the Coq proof assistant. We achieve local and modular reasoning about a tree and its snapshots and their iterators, although the implementation involves shared mutable heap data structures with no separation or ownership relation between the various data. The paper also introduces a series of four increasingly sophisticated implementations and verifies the first one. The others are included as future work and as a set of challenge problems for full functional specification and verification, whether by separation logic or by other formalisms.
Coqoon
International audienceUser interfaces for interactive proof assistants have always lagged behind those for mainstream programming languages. Whereas integrated development environments (IDEs) have support for features like project management, version control, dependency analysis and incremental project compilation, " IDE " s for proof assistants typically only operate on files in isolation, relying on external tools to integrate those files into larger projects. In this paper we present Coqoon, an IDE for Coq projects integrated into Eclipse. Coqoon manages proofs as projects rather than isolated source files, and compiles these projects using the Eclipse common build system. Coqoon takes advantage of the latest features of Coq, including asynchronous and parallel processing of proofs, and—when used together with a third-party OCaml extension for Eclipse—can even be used to work on large developments containing Coq plugins
A Formal C Memory Model for Separation Logic
The core of a formal semantics of an imperative programming language is a
memory model that describes the behavior of operations on the memory. Defining
a memory model that matches the description of C in the C11 standard is
challenging because C allows both high-level (by means of typed expressions)
and low-level (by means of bit manipulation) memory accesses. The C11 standard
has restricted the interaction between these two levels to make more effective
compiler optimizations possible, on the expense of making the memory model
complicated.
We describe a formal memory model of the (non-concurrent part of the) C11
standard that incorporates these restrictions, and at the same time describes
low-level memory operations. This formal memory model includes a rich
permission model to make it usable in separation logic and supports reasoning
about program transformations. The memory model and essential properties of it
have been fully formalized using the Coq proof assistant