Iris from the ground up: A modular foundation for higher-order concurrent separation logic

@article{Jung2018IrisFT,
  title={Iris from the ground up: A modular foundation for higher-order concurrent separation logic},
  author={Ralf Jung and Robbert Krebbers and Jacques-Henri Jourdan and Ale{\vs} Bizjak and Lars Birkedal and Derek Dreyer},
  journal={Journal of Functional Programming},
  year={2018},
  volume={28}
}
Iris is a framework for higher-order concurrent separation logic, which has been implemented in the Coq proof assistant and deployed very effectively in a wide variety of verification projects. Iris was designed with the express goal of simplifying and consolidating the foundations of modern separation logics, but it has evolved over time, and the design and semantic foundations of Iris itself have yet to be fully written down and explained together properly in one place. Here, we attempt to… 
Diaframe: automated verification of fine-grained concurrent programs in Iris
TLDR
Diaframe is an automated and foundational verification tool for fine-grained concurrent programs built on top of the Iris framework for higher-order concurrent separation logic in Coq, which already has a foundational soundness proof and the ability to give strong specifications, but lacks automation.
Transfinite Iris: resolving an existential dilemma of step-indexed separation logic
TLDR
This paper transforms the Coq-based step-indexed logic Iris to Transfinite Iris, and demonstrates its effectiveness in proving termination and termination-preserving refinement for higher-order stateful programs.
A Separation Logic for a Promising Semantics
TLDR
SLR is presented, the first expressive program logic for reasoning about concurrent programs under a weak memory model addressing the out-of-thin-air problem, and is proved sound over the recent “promising” memory model of Kang et al., using a substantially different argument to soundness proofs of logics for simpler memory models.
The future is ours: prophecy variables in separation logic
TLDR
This paper presents the first account of prophecy variables in a Hoare-style program logic that is flexible enough to verify logical atomicity (a relative of linearizability) for classic examples from the concurrency literature like RDCSS and the Herlihy-Wing queue.
MoSeL: a general, extensible modal framework for interactive proofs in separation logic
TLDR
This paper proposes MoSeL, a general and extensible Coq framework that brings the benefits of IPM to a much larger class of separation logics, and provides generic tactics that can be easily extended to account for the bespoke connectives of the logics with which it is instantiated.
FORMALIZING CONCURRENT STACKS WITH HELPING: A CASE STUDY IN
TLDR
This work presents a formalization of a common concurrent data structure: a stack, which is lock-free and uses helping to avoid contention, and demonstrates how Iris can be used to give expressive, higher-order specifications of advanced concurrent data structures.
Iron: managing obligations in higher-order concurrent separation logic
TLDR
A novel higher-order concurrent separation logic that allows for precise reasoning about resources that are transferable among dynamically allocated threads is presented, and a model of Iron, defined on top of the Iris base logic, is used to prove that memory resources are accounted for precisely and not leaked.
RefinedC: automating the foundational verification of C code with refined ownership types
TLDR
A type system which combines ownership types for modular reasoning about shared state and concurrency with refinement types for encoding precise invariants on C data types and Hoare-style specifications for C functions, and is designed to be encodable in a new “separation logic programming” language the authors call Lithium.
A separation logic for effect handlers
TLDR
This work presents a Separation Logic with built-in support for effect handlers, both shallow and deep, based on Iris and inherits all of its advanced features, including support for higher-order functions, user-defined ghost state, and invariants.
Trillium: Unifying Refinement and Higher-Order Distributed Separation Logic
TLDR
This work uses the notion of refinement to transfer fairness assumptions on program executions to model traces and then transfer liveness properties of fair model traces back to program executions, which enables it to prove liveness properties such as strong eventual consistency of a concrete implementation of a Conflict-Free Replicated Data Type and fair termination of a concurrent program.

References

The Essence of Higher-Order Concurrent Separation Logic
TLDR
This paper defines a small, resourceful base logic, which distills the essence of Iris: it comprises only the assertion layer of vanilla separation logic, plus a handful of simple modalities, and shows how the much fancier logical mechanisms of Iris--in particular, its entire program specification layer--can be understood as merely derived forms in this base logic.
Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning
TLDR
Iris, a concurrent separation logic with a simple premise: monoids and invariants are all you need, supports the encoding of *logically atomic specifications*, i.e., Hoare-style specs that permit the client of an operation to treat the operation essentially as if it were atomic, even if it is not.
Strong Logic for Weak Memory: Reasoning About Release-Acquire Consistency in Iris
TLDR
The first foundationally verified framework for proving programs correct under C11's weak-memory semantics is provided, together with a novel operational characterization of RA+NA, the fragment of C11 containing RA accesses and "non-atomic" accesses.
Higher-order ghost state
TLDR
This paper proposes higher-order ghost state as an interesting and useful extension to CSL, which is formalized in the framework of Jung et al.'s recently developed Iris logic, and develops a novel algebraic structure called CMRAs ("cameras") which can be thought of as "step-indexed partial commutative monoids".
MoSeL: a general, extensible modal framework for interactive proofs in separation logic
TLDR
This paper proposes MoSeL, a general and extensible Coq framework that brings the benefits of IPM to a much larger class of separation logics, and provides generic tactics that can be easily extended to account for the bespoke connectives of the logics with which it is instantiated.
Iron: managing obligations in higher-order concurrent separation logic
TLDR
A novel higher-order concurrent separation logic that allows for precise reasoning about resources that are transferable among dynamically allocated threads is presented, and a model of Iron, defined on top of the Iris base logic, is used to prove that memory resources are accounted for precisely and not leaked.
Unifying refinement and hoare-style reasoning in a logic for higher-order concurrency
TLDR
CaReSL is presented, the first logic to support the use of granularity abstraction for modular verification of higher-order concurrent programs, and its effectiveness is demonstrated by using it to tackle a significant case study: the first formal proof of (partial) correctness for Hendler et al.'s "flat combining" algorithm.
Interactive proofs in higher-order concurrent separation logic
TLDR
This paper introduces a so-called proof mode that extends the Coq proof assistant with (spatial and non-spatial) named proof contexts for the object logic, and shows that thanks to these contexts it can implement high-level tactics for introduction and elimination of the connectives of the object logic, and thereby make reasoning in the embedded logic as seamless as reasoning in the meta logic of the proof assistant.
A Higher-Order Logic for Concurrent Termination-Preserving Refinement
TLDR
This paper extends Iris, a recent higher-order concurrent separation logic, with support for reasoning about termination-preserving refinements, and proves the correctness of an efficient implementation of a higher-order, session-typed language.
A Marriage of Rely/Guarantee and Separation Logic
TLDR
This work proposes a combined system which marries rely/guarantee logic and separation logic, and demonstrates the advantages of the combined approach by verifying a lock-coupling list algorithm, which actually disposes/frees removed nodes.