Semantic cut elimination for the logic of bunched implications, formalized in Coq

The logic of bunched implications (BI) is a substructural logic that forms the backbone of separation logic, the much studied logic for reasoning about heap-manipulating programs. Although the proof theory and metatheory of BI are mathematically involved, the formalization of important metatheoretical results is still incipient. In this paper we present a self-contained formalized, in the Coq proof assistant, proof of a central metatheoretical property of BI: cut elimination for its sequent calculus. The presented proof is *semantic*, in the sense that is obtained by interpreting sequents in a particular "universal" model. This results in a more modular and elegant proof than a standard Gentzen-style cut elimination argument, which can be subtle and error-prone in manual proofs for BI. In particular, our semantic approach avoids unnecessary inversions on proof derivations, or the uses of cut reductions and the multi-cut rule. Besides modular, our approach is also robust: we demonstrate how our method scales, with minor modifications, to (i) an extension of BI with an arbitrary set of \emph{simple structural rules}, and (ii) an extension with an S4-like $\Box$ modality.Comment: 15 pages, to appear in CPP 202

Analyzing Passenger Incidence Behavior in Heterogeneous Transit Services Using Smartcard Data and Schedule-Based Assignment

Passenger incidence (station arrival) behavior has been studied primarily to understand how changes to a transit service will affect passenger waiting times. The impact of one intervention (e.g., increasing frequency) could be overestimated when compared with another (e.g., improving reliability), depending on the assumption of incidence behavior. Understanding passenger incidence allows management decisions to be based on realistic behavioral assumptions. Earlier studies on passenger incidence chose their data samples from stations with a single service pattern such that the linking of passengers to services was straightforward. This choice of data samples simplifies the analysis but heavily limits the stations that can be studied. In any moderately complex network, many stations may have more than one service pattern. This limitation prevents the method from being systematically applied to the whole network and constrains its use in practice. This paper considers incidence behavior in stations with heterogeneous services and proposes a method for estimating incidence headway and waiting time by integrating disaggregate smartcard data with published timetables using schedule-based assignment. This method is applied to stations in the entire London Overground to demonstrate its practicality; incidence behavior varies across the network and across times of day and reflects headways and reliability. Incidence is much less timetable-dependent on the North London Line than on the other lines because of shorter headways and poorer reliability. Where incidence is timetable-dependent, passengers reduce their mean scheduled waiting time by more than 3 min compared with random incidence

Late 18th century Russian Navy maps and the first 3D visualization of the walled city of Beirut

International audienc

ReLoC Reloaded:A Mechanized Relational Logic for Fine-Grained Concurrency and Logical Atomicity

We present a new version of ReLoC: a relational separation logic for proving refinements of programs with higher-order state, fine-grained concurrency, polymorphism and recursive types. The core of ReLoC is its refinement judgment $e \precsim e' : \tau$, which states that a program $e$ refines a program $e'$ at type $\tau$. ReLoC provides type-directed structural rules and symbolic execution rules in separation-logic style for manipulating the judgment, whereas in prior work on refinements for languages with higher-order state and concurrency, such proofs were carried out by unfolding the judgment into its definition in the model. ReLoC's abstract proof rules make it simpler to carry out refinement proofs, and enable us to generalize the notion of logically atomic specifications to the relational case, which we call logically atomic relational specifications. We build ReLoC on top of the Iris framework for separation logic in Coq, allowing us to leverage features of Iris to prove soundness of ReLoC, and to carry out refinement proofs in ReLoC. We implement tactics for interactive proofs in ReLoC, allowing us to mechanize several case studies in Coq, and thereby demonstrate the practicality of ReLoC. ReLoC Reloaded extends ReLoC (LICS'18) with various technical improvements, a new Coq mechanization, and support for Iris's prophecy variables. The latter allows us to carry out refinement proofs that involve reasoning about the program's future. We also expand ReLoC's notion of logically atomic relational specifications with a new flavor based on the HOCAP pattern by Svendsen et al

Modular Denotational Semantics for Effects with Guarded Interaction Trees

We present guarded interaction trees -- a structure and a fully formalized framework for representing higher-order computations with higher-order effects in Coq, inspired by domain theory and the recently proposed interaction trees. We also present an accompanying separation logic for reasoning about guarded interaction trees. To demonstrate that guarded interaction trees provide a convenient domain for interpreting higher-order languages with effects, we define an interpretation of a PCF-like language with effects and show that this interpretation is sound and computationally adequate; we prove the latter using a logical relation defined using the separation logic. Guarded interaction trees also allow us to combine different effects and reason about them modularly. To illustrate this point, we give a modular proof of type soundness of cross-language interactions for safe interoperability of different higher-order languages with different effects. All results in the paper are formalized in Coq using the Iris logic over guarded type theory.Comment: 30 pages; accepted for POPL2