Verifying Graph Algorithms in Separation Logic: A Case for an Algebraic Approach

Abstract

Verifying graph algorithms has long been considered challenging in separation logic, mainly due to structural sharing between graph subcomponents. We show that these challenges can be effectively addressed by representing graphs as a partial commutative monoid (PCM), and by leveraging structure-preserving functions (PCM morphisms), including higher-order combinators. PCM morphisms are important because they generalize separation logic's principle of local reasoning. While traditional framing isolates relevant portions of the heap only at the top level of a specification, morphisms enable contextual localization: they distribute over monoid operations to isolate relevant subgraphs, even when nested deeply within a specification. We demonstrate the morphisms' effectiveness with novel and concise verifications of two canonical graph benchmarks: the Schorr-Waite graph marking algorithm and the union-find data structure.

Similar Papers
  • Research Article, cited by 15
  • 10.1145/3547631
Later credits: resourceful reasoning for the later modality
  • Aug 29, 2022
  • Proceedings of the ACM on Programming Languages
  • Simon Spies + 6 more

In the past two decades, step-indexed logical relations and separation logics have both come to play a major role in semantics and verification research. More recently, they have been married together in the form of step-indexed separation logics like VST, iCAP, and Iris, which provide powerful tools for (among other things) building semantic models of richly typed languages like Rust. In these logics, propositions are given semantics using a step-indexed model, and step-indexed reasoning is reflected into the logic through the so-called “later” modality. On the one hand, this modality provides an elegant, high-level account of step-indexed reasoning; on the other hand, when used in sufficiently sophisticated ways, it can become a nuisance, turning perfectly natural proof strategies into dead ends. In this work, we introduce later credits, a new technique for escaping later-modality quagmires. By leveraging the second ancestor of these logics—separation logic—later credits turn “the right to eliminate a later” into an ownable resource, which is subject to all the traditional modular reasoning principles of separation logic. We develop the theory of later credits in the context of Iris, and present several challenging examples of proofs and proof patterns which were previously not possible in Iris but are now possible due to later credits.

  • Research Article, cited by 7
  • 10.1016/j.entcs.2018.03.018
A Stone-type Duality Theorem for Separation Logic Via its Underlying Bunched Logics
  • Apr 1, 2018
  • Electronic Notes in Theoretical Computer Science
  • Simon Docherty + 1 more

Stone-type duality theorems, which relate algebraic and relational/topological models, are important tools in logic because — in addition to elegant abstraction — they strengthen soundness and completeness to a categorical equivalence, yielding a framework through which both algebraic and topological methods can be brought to bear on a logic. We give a systematic treatment of Stone-type duality theorems for the structures that interpret bunched logics, starting with the weakest systems, recovering the familiar Boolean BI, and concluding with Separation Logic. Our results encompass all the known existing algebraic approaches to Separation Logic and prove them sound with respect to the standard store-heap semantics. We additionally recover soundness and completeness theorems of the specific truth-functional models of these logics as presented in the literature. This approach synthesises a variety of techniques from modal, substructural and categorical logic and contextualises the ‘resource semantics’ interpretation underpinning Separation Logic amongst them. As a consequence, theory from those fields — as well as algebraic and topological methods — can be applied to both Separation Logic and the systems of bunched logics it is built upon. Conversely, the notion of indexed resource frame (generalizing the standard model of Separation Logic) and its associated completeness proof can easily be adapted to other non-classical predicate logics.

  • Research Article, cited by 40
  • 10.1145/2480359.2429104
Views
  • Jan 23, 2013
  • ACM SIGPLAN Notices
  • Thomas Dinsdale-Young + 4 more

Compositional abstractions underlie many reasoning principles for concurrent programs: the concurrent environment is abstracted in order to reason about a thread in isolation; and these abstractions are composed to reason about a program consisting of many threads. For instance, separation logic uses formulae that describe part of the state, abstracting the rest; when two threads use disjoint state, their specifications can be composed with the separating conjunction. Type systems abstract the state to the types of variables; threads may be composed when they agree on the types of shared variables. In this paper, we present the "Concurrent Views Framework", a metatheory of concurrent reasoning principles. The theory is parameterised by an abstraction of state with a notion of composition, which we call views. The metatheory is remarkably simple, but highly applicable: the rely-guarantee method, concurrent separation logic, concurrent abstract predicates, type systems for recursive references and for unique pointers, and even an adaptation of the Owicki-Gries method can all be seen as instances of the Concurrent Views Framework. Moreover, our metatheory proves each of these systems is sound without requiring induction on the operational semantics.

  • Conference Article, cited by 140
  • 10.1145/2429069.2429104
Views
  • Jan 23, 2013
  • Thomas Dinsdale-Young + 4 more

Compositional abstractions underlie many reasoning principles for concurrent programs: the concurrent environment is abstracted in order to reason about a thread in isolation; and these abstractions are composed to reason about a program consisting of many threads. For instance, separation logic uses formulae that describe part of the state, abstracting the rest; when two threads use disjoint state, their specifications can be composed with the separating conjunction. Type systems abstract the state to the types of variables; threads may be composed when they agree on the types of shared variables. In this paper, we present the Views Framework, a metatheory of concurrent reasoning principles. The theory is parameterised by an abstraction of state with a notion of composition, which we call views. The metatheory is remarkably simple, but highly applicable: the rely-guarantee method, concurrent separation logic, concurrent abstract predicates, type systems for recursive references and for unique pointers, and even an adaptation of the Owicki-Gries method can all be seen as instances of the Concurrent Views Framework. Moreover, our metatheory proves each of these systems is sound without requiring induction on the operational semantics.

  • Research Article, cited by 13
  • 10.1145/3360587
Specifying concurrent programs in separation logic: morphisms and simulations
  • Oct 10, 2019
  • Proceedings of the ACM on Programming Languages
  • Aleksandar Nanevski + 3 more

In addition to pre- and postconditions, program specifications in recent separation logics for concurrency have employed an algebraic structure of resources—a form of state transition systems—to describe the state-based program invariants that must be preserved, and to record the permissible atomic changes to program state. In this paper we introduce a novel notion of resource morphism, i.e. structure-preserving function on resources, and show how to effectively integrate it into separation logic, using an associated notion of morphism-specific simulation. We apply morphisms and simulations to programs verified under one resource, to compositionally adapt them to operate under another resource, thus facilitating proof reuse.

  • Research Article, cited by 5
  • 10.1145/3434286
On algebraic abstractions for concurrent separation logics
  • Jan 4, 2021
  • Proceedings of the ACM on Programming Languages
  • František Farka + 4 more

Concurrent separation logic is distinguished by transfer of state ownership upon parallel composition and framing. The algebraic structure that underpins ownership transfer is that of partial commutative monoids (PCMs). Extant research considers ownership transfer primarily from the logical perspective while comparatively less attention is drawn to the algebraic considerations. This paper provides an algebraic formalization of ownership transfer in concurrent separation logic by means of structure-preserving partial functions (i.e., morphisms) between PCMs, and an associated notion of separating relations. Morphisms of structures are a standard concept in algebra and category theory, but haven't seen ubiquitous use in separation logic before. Separating relations are binary relations that generalize disjointness and characterize the inputs on which morphisms preserve structure. The two abstractions facilitate verification by enabling concise ways of writing specs, by providing abstract views of threads' states that are preserved under ownership transfer, and by enabling user-level construction of new PCMs out of existing ones.

  • Book Chapter, cited by 3
  • 10.1007/978-3-642-04639-1_5
Towards Algebraic Separation Logic
  • Jan 1, 2009
  • Han-Hing Dang + 2 more

We present an algebraic approach to separation logic. In particular, we give algebraic characterisations for all constructs of separation logic. The algebraic view does not only yield new insights on separation logic but also shortens proofs and enables the use of automated theorem provers for verifying properties at a more abstract level.

  • Research Article, cited by 27
  • 10.1016/j.jlap.2011.04.003
Algebraic separation logic
  • Apr 13, 2011
  • The Journal of Logic and Algebraic Programming
  • H.-H Dang + 2 more

  • Book Chapter, cited by 2
  • 10.1007/978-3-030-76920-8_5
An Algebraic Glimpse at Bunched Implications and Separation Logic
  • Dec 14, 2021
  • Peter Jipsen + 1 more

We overview the logic of Bunched Implications (BI) and Separation Logic (SL) from a perspective inspired by Hiroakira Ono’s algebraic approach to substructural logics. We propose generalized BI algebras (GBI-algebras) as a common framework for algebras arising via “declarative resource reading”, intuitionistic generalizations of relation algebras and arrow logics and the distributive Lambek calculus with intuitionistic implication. Apart from existing models of BI (in particular, heap models and effect algebras), we also cover models arising from weakening relations, formal languages or more fine-grained treatment of labelled trees and semistructured data. After briefly discussing the lattice of subvarieties of \(\mathsf{GBI}\), we present a suitable duality for \(\mathsf{GBI}\) along the lines of Esakia and Priestley and an algebraic proof of cut elimination in the setting of residuated frames of Galatos and Jipsen. We also show how the algebraic approach allows generic results on decidability, both positive and negative ones. In the final part of the paper, we gently introduce the substructural audience to some theory behind state-of-the-art tools, culminating with an algebraic and proof-theoretic presentation of (bi-) abduction.

  • Research Article, cited by 16
  • 10.1016/j.entcs.2008.10.022
Higher-Order Separation Logic in Isabelle/HOLCF
  • Oct 1, 2008
  • Electronic Notes in Theoretical Computer Science
  • Carsten Varming + 1 more

  • Book Chapter, cited by 3
  • 10.1007/978-3-642-27269-1_6
A Separation Logic for OO Programs
  • Jan 1, 2012
  • Liu Yijing + 1 more

We present a general storage model that reflects features of object oriented (OO) languages with pure reference semantics. Based on this model, we develop an OO Separation Logic (OOSL) to specify and verify OO programs. Many inference rules in the Separation Logic still hold in OOSL. Additionally, OOSL has certain properties important to OO reasoning. We introduce Hoare-Triple for a small OO language, and use the Schorr-Waite Marking Algorithm as a verification example.

  • Research Article, cited by 96
  • 10.2307/2215113
Frege, The Tractatus, and the Logocentric Predicament
  • Mar 1, 1985
  • Noûs
  • Thomas G Ricketts

The principles of logic are, let us remember, the principles of valid reasoning that set the standards of consistency. Inquiry into any subject matter whatsoever draws implicitly on these principles and must conform to these standards on pain of incoherence. Logic then has a privileged position among the sciences, and this position raises two questions. First, what is the subject matter of logic; what content for logical principles does justice to their role in setting standards of consistency? Second, from what vantage point are we able to isolate and elucidate the basic notions that enter into the formulation of logic? These questions become all the more pressing, once the study of logic is separated sharply from empirical psychological investigations of human cognition. The magnitude of Frege's innovation in logic makes him acutely aware of the logocentric predicament. Frege puts forward his begriffsschrift as a formulation of the principles of valid reasoning. In developing a conception of logic that supports this identification, Frege addresses the issues raised by the logocentric predicament. Indeed, an examination of Frege's conception of logic can serve to clarify those issues. However, in the end, this conception of logic is unsatisfactory. For there are deep tensions between Frege's official construal of the content of the axioms of the begriffsschrift, and his view of judgment that underlies the identification of the begriffsschrift as logic. Wittgenstein's Tractatus is, in large measure, a response to these tensions in Frege's thought. Wittgenstein largely

  • Research Article, cited by 1
  • 10.2307/2185121
Change in View: Principles of Reasoning.
  • Oct 1, 1989
  • The Philosophical Review
  • Richard Feldman + 1 more

Change in View offers an entirely original approach to the philosophical study of reasoning by identifying principles of reasoning with principles for revising one's beliefs and intentions and not with principles of logic. This crucial observation leads to a number of important and interesting consequences that impinge on psychology and artificial intelligence as well as on various branches of philosophy, from epistemology to ethics and action theory.

  • Book Chapter, cited by 61
  • 10.1017/cbo9780511814273.003
Change in View: Principles of Reasoning
  • May 5, 2008
  • Gilbert Harman

Change in View offers an entirely original approach to the philosophical study of reasoning by identifying principles of reasoning with principles for revising one's beliefs and intentions and not with principles of logic. This crucial observation leads to a number of important and interesting consequences that impinge on psychology and artificial intelligence as well as on various branches of philosophy, from epistemology to ethics and action theory.

  • Research Article, cited by 3
  • 10.4314/sajpem.v22i3.31373
How “rational” is “rationality”?
  • Jan 1, 2003
  • South African Journal of Philosophy
  • Daniël F.M Strauss

By taking seriously a remark once made by Paul Bernays, namely that an account of the nature of rationality should begin with concept-formation, this article sets out to uncover both the restrictive and the expansive boundaries of rationality. In order to do this some implications of the perennial philosophical problem of the “coherence of irreducibles” will be related to the acknowledgement of primitive terms and of their indefinability. Some critical remarks will be articulated in connection with an over-estimation of rationality - concerning the influence of Kant’s view of human understanding as the formal law-giver of nature (the supposedly “rational structure of the world”), and the apparently innocent (subjectivist) habit to refer to experiential entities as ‘objects’. The other side of the coin will be highlighted with reference to those kinds of knowledge transcending the limits of concept-formation - culminating in formulating the four most basic idea-statements philosophy can articulate about the universe. What is found “in-between” these (restrictive) and (expansive) boundaries of rationality will then briefly be placed within the contours of a threefold perspective on the self-insufficiency of logicality - as merely one amongst many more dimensions conditioning human life. Although the meaning of the most basic logical principles - such as the logical principles of identity, non-contradiction and sufficient reason - will surface in our analysis, exploring some of the complex issues in this respect, such as the relationship between thought and language, will not be analysed. The important role of solidarity - as the basis of critique - will be explained and related both to the role of immanent criticism in rational conversation and the importance of acknowledging what is designated as the principle of the excluded antinomy (which in an ontic sense underlies the logical principle of non-contradiction).
The last section of our discussion will succinctly illuminate the proper place of the inevitable trust we ought to have in rationality - while implicitly warning against the rationalistic over-estimation of it (its degeneration into a rationalist “faith in reason”). Our intention is to enhance an awareness of the reality that rationality is embedded in and borders on givens which are not open to further “rational” exploration - givens that both condition (in a constitutive sense) and transcend the limits of conceptual knowledge. Some of the distinctions and insights operative in our analysis are explained in Strauss 2000 and 2003. Yet, most of the systematic perspectives found in this analysis of rationality are only developed in this article for the first time. Since a different study is required to discuss related problems and results found within cognitive science, it cannot be discussed within one article.

