8 research outputs found
Proving Hypersafety Compositionally
Hypersafety properties of arity are program properties that relate
traces of a program (or, more generally, traces of programs). Classic
examples include determinism, idempotence, and associativity. A number of
relational program logics have been introduced to target this class of
properties. Their aim is to construct simpler proofs by capitalizing on
structural similarities between the related programs. We propose an
unexplored, complementary proof principle that establishes hyper-triples (i.e.
hypersafety judgments) as a unifying compositional building block for proofs,
and we use it to develop a Logic for Hyper-triple Composition (LHC), which
supports forms of proof compositionality that were not achievable in previous
logics. We prove LHC sound and apply it to a number of challenging examples.Comment: 44 pages. Extended version of the OOPSLA'22 paper with the same
title. Includes full proofs and case studies in appendix. v2 fixes typos in a
derivatio
TaDA Live: Compositional Reasoning for Termination of Fine-grained Concurrent Programs
We introduce TaDA Live, a separation logic for reasoning compositionally
about the termination of blocking fine-grained concurrent programs. The logic
contributes several innovations to obtain modular rely/guarantee style
reasoning for liveness properties and to blend them with logical atomicity. We
illustrate the subtlety of our specifications and reasoning on some
paradigmatic examples.Comment: 24 pages, 97 pages including appendi
A bunch of sessions:a propositions-as-sessions interpretation of bunched implications in channel-based concurrency
The emergence of propositions-as-sessions, a Curry-Howard correspondence between propositions of Linear Logic and session types for concurrent processes, has settled the logical foundations of message-passing concurrency. Central to this approach is the resource consumption paradigm heralded by Linear Logic. In this paper, we investigate a new point in the design space of session type systems for message-passing concurrent programs. We identify O’Hearn and Pym’s Logic of Bunched Implications (BI) as a fruitful basis for an interpretation of the logic as a concurrent programming language. This leads to a treatment of non-linear resources that is radically different from existing approaches based on Linear Logic. We introduce a new π-calculus with sessions, called πBI; its most salient feature is a construct called spawn, which expresses new forms of sharing that are induced by structural principles in BI. We illustrate the expressiveness of πBI and lay out its fundamental theory: type preservation, deadlock-freedom, and weak normalization results for well-typed processes; an operationally sound and complete typed encoding of an affine λ-calculus; and a non-interference result for access of resources
Verifying message-passing programs with dependent behavioural types
Concurrent and distributed programming is notoriously hard. Modern languages and toolkits ease this difficulty by offering message-passing abstractions, such as actors (e.g., Erlang, Akka, Orleans) or processes (e.g., Go): they allow for simpler reasoning w.r.t. shared-memory concurrency, but do not ensure that a program implements a given specification. To address this challenge, it would be desirable to specify and verify the intended behaviour of message-passing applications using types, and ensure that, if a program type-checks and compiles, then it will run and communicate as desired. We develop this idea in theory and practice. We formalise a concurrent functional language λπ, with a new blend of behavioural types (from π-calculus theory), and dependent function types (from the Dotty programming language, a.k.a. the future Scala 3). Our theory yields four main payoffs: (1) it verifies safety and liveness properties of programs via typeś level model checking; (2) unlike previous work, it accurately verifies channel-passing (covering a typical pattern of actor programs) and higher-order interaction (i.e., sending/receiving mobile code); (3) it is directly embedded in Dotty, as a toolkit called Effpi, offering a simplified actor-based API; (4) it enables an efficient runtime system for Effpi, for highly concurrent programs with millions of processes/actors
Soter: an Automatic Safety Verifier for Erlang
This paper presents Soter, a fully-automatic program analyser and verifier for Erlang modules. The fragment of Erlang accepted by Soter includes the higher-order functional constructs and all the key features of actor concurrency, namely, dynamic spawning of processes and asynchronous message passing. Soter uses a combination of static analysis and infinite-state model checking to verify safety properties specified by the user. Given an Erlang module and a set of properties, S