research-article

Open access

Later credits: resourceful reasoning for the later modality

Authors:

Lennard Gäher,

Joseph Tassarotti,

Robbert Krebbers,

Derek DreyerAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 6, Issue ICFP

Article No.: 100, Pages 283 - 311

https://doi.org/10.1145/3547631

Published: 31 August 2022 Publication History

Abstract

In the past two decades, step-indexed logical relations and separation logics have both come to play a major role in semantics and verification research. More recently, they have been married together in the form of step-indexed separation logics like VST, iCAP, and Iris, which provide powerful tools for (among other things) building semantic models of richly typed languages like Rust. In these logics, propositions are given semantics using a step-indexed model, and step-indexed reasoning is reflected into the logic through the so-called “later” modality. On the one hand, this modality provides an elegant, high-level account of step-indexed reasoning; on the other hand, when used in sufficiently sophisticated ways, it can become a nuisance, turning perfectly natural proof strategies into dead ends.

In this work, we introduce later credits, a new technique for escaping later-modality quagmires. By leveraging the second ancestor of these logics—separation logic—later credits turn “the right to eliminate a later” into an ownable resource, which is subject to all the traditional modular reasoning principles of separation logic. We develop the theory of later credits in the context of Iris, and present several challenging examples of proofs and proof patterns which were previously not possible in Iris but are now possible due to later credits.

References

[1]

Amal Ahmed. 2004. Semantics of types for mutable state. Ph. D. Dissertation. Princeton University.

[2]

Amal Ahmed, Andrew W. Appel, Christopher D. Richards, Kedar N. Swadi, Gang Tan, and Daniel C. Wang. 2010. Semantic foundations for typed assembly languages. TOPLAS, 32, 3 (2010), 1–67. https://doi.org/10.1145/1709093.1709094

Digital Library

[3]

Andrew W. Appel and David A. McAllester. 2001. An indexed model of recursive types for foundational proof-carrying code. TOPLAS, 23, 5 (2001), 657–683. https://doi.org/10.1145/504709.504712

Digital Library

[4]

Andrew W. Appel, Paul-André Melliès, Christopher D. Richards, and Jérôme Vouillon. 2007. A very modal model of a modern, major, general type system. In POPL. 109–122. https://doi.org/10.1145/1190216.1190235

Digital Library

[5]

Nick Benton and Peter Buchlovsky. 2007. Semantics of an effect analysis for exceptions. In TLDI. 15–26. https://doi.org/10.1145/1190315.1190320

Digital Library

[6]

Nick Benton, Andrew Kennedy, Lennart Beringer, and Martin Hofmann. 2007. Relational semantics for effect-based program transformations with dynamic allocation. In PPDP. 87–96. https://doi.org/10.1145/1273920.1273932

Digital Library

[7]

Nick Benton, Andrew Kennedy, Lennart Beringer, and Martin Hofmann. 2009. Relational semantics for effect-based program transformations: higher-order store. In PPDP. 301–312. https://doi.org/10.1145/1599410.1599447

Digital Library

[8]

Nick Benton, Andrew Kennedy, Martin Hofmann, and Lennart Beringer. 2006. Reading, writing and relations. In APLAS (LNCS, Vol. 4279). 114–130. https://doi.org/10.1007/11924661_7

Digital Library

[9]

Lars Birkedal, Thomas Dinsdale-Young, Armaël Guéneau, Guilhem Jaber, Kasper Svendsen, and Nikos Tzevelekos. 2021. Theorems for free from separation logic specifications. PACMPL, 5, ICFP (2021), 1–29. https://doi.org/10.1145/3473586

Digital Library

[10]

Lars Birkedal, Bernhard Reus, Jan Schwinghammer, Kristian Støvring, Jacob Thamsborg, and Hongseok Yang. 2011. Step-indexed Kripke models over recursive worlds. In POPL. 119–132. https://doi.org/10.1145/1926385.1926401

Digital Library

[11]

Stephen Brookes. 2007. A semantics for concurrent separation logic. TCS, 375, 1-3 (2007), 227–270. https://doi.org/10.1016/j.tcs.2006.12.034

Digital Library

[12]

Alexandre Buisse, Lars Birkedal, and Kristian Støvring. 2011. Step-Indexed Kripke Model of Separation Logic for Storable Locks. In MFPS (ENTCS, Vol. 276). 121–143. https://doi.org/10.1016/j.entcs.2011.09.018

Digital Library

[13]

Qinxiang Cao, Lennart Beringer, Samuel Gruetter, Josiah Dodds, and Andrew W. Appel. 2018. VST-Floyd: A separation logic tool to verify correctness of C programs. JAR, 61, 1-4 (2018), 367–422. https://doi.org/10.1007/s10817-018-9457-5

Digital Library

[14]

Quentin Carbonneaux, Noam Zilberstein, Christoph Klee, Peter W. O’Hearn, and Francesco Zappa Nardelli. 2022. Applying formal verification to microkernel IPC at Meta. In CPP. 116–129. https://doi.org/10.1145/3497775.3503681

Digital Library

[15]

Tej Chajed, Joseph Tassarotti, M. Frans Kaashoek, and Nickolai Zeldovich. 2019. Verifying concurrent, crash-safe systems with Perennial. In SOSP. 243–258. https://doi.org/10.1145/3341301.3359632

Digital Library

[16]

Soham Chakraborty, Thomas A. Henzinger, Ali Sezgin, and Viktor Vafeiadis. 2015. Aspect-oriented linearizability proofs. LMCS, 11, 1 (2015), https://doi.org/10.2168/LMCS-11(1:20)2015

[17]

Pedro da Rocha Pinto, Thomas Dinsdale-Young, and Philippa Gardner. 2014. TaDA: A logic for time and data abstraction. In ECOOP (LNCS, Vol. 8586). 207–231. https://doi.org/10.1007/978-3-662-44202-9_9

Digital Library

[18]

Hoang-Hai Dang, Jacques-Henri Jourdan, Jan-Oliver Kaiser, and Derek Dreyer. 2020. RustBelt meets relaxed memory. PACMPL, 4, POPL (2020), 34:1–34:29. https://doi.org/10.1145/3371102

Digital Library

[19]

Derek Dreyer, Amal Ahmed, and Lars Birkedal. 2011. Logical Step-Indexed Logical Relations. LMCS, 7, 2:16 (2011), 1–37. https://doi.org/10.2168/LMCS-7(2:16)2011

[20]

Tayfun Elmas, Shaz Qadeer, Ali Sezgin, Omer Subasi, and Serdar Tasiran. 2010. Simplifying Linearizability Proofs with Reduction and Abstraction. In TACAS (LNCS, Vol. 6015). 296–311. https://doi.org/10.1007/978-3-642-12002-2_25

Digital Library

[21]

Aymeric Fromherz, Aseem Rastogi, Nikhil Swamy, Sydney Gibson, Guido Martínez, Denis Merigoux, and Tahina Ramananandro. 2021. Steel: proof-oriented programming in a dependently typed concurrent separation logic. PACMPL, 5, ICFP, 1–30. https://doi.org/10.1145/3473590

Digital Library

[22]

Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2018. ReLoC: A mechanised relational logic for fine-grained concurrency. In LICS. 442–451. https://doi.org/10.1145/3209108.3209174

Digital Library

[23]

Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2021. ReLoC Reloaded: A Mechanized Relational Logic for Fine-Grained Concurrency and Logical Atomicity. LMCS, 17, 3 (2021), https://doi.org/10.46298/lmcs-17(3:9)2021

[24]

Paolo G. Giarrusso, Léo Stefanesco, Amin Timany, Lars Birkedal, and Robbert Krebbers. 2020. Scala step-by-step: soundness for DOT with step-indexed logical relations in Iris. PACMPL, 4, ICFP (2020), 114:1–114:29. https://doi.org/10.1145/3408996

Digital Library

[25]

Maurice P. Herlihy and Jeannette M. Wing. 1990. Linearizability: a correctness condition for concurrent objects. TOPLAS, 12, 3 (1990), 463–492. https://doi.org/10.1145/78969.78972

Digital Library

[26]

Jonas Kastberg Hinrichsen, Jesper Bengtson, and Robbert Krebbers. 2020. Actris: session-type based reasoning in separation logic. PACMPL, 4, POPL (2020), 6:1–6:30. https://doi.org/10.1145/3371074

Digital Library

[27]

Jonas Kastberg Hinrichsen, Daniël Louwrink, Robbert Krebbers, and Jesper Bengtson. 2021. Machine-checked semantic session typing. In CPP. 178–198. https://doi.org/10.1145/3437992.3439914

Digital Library

[28]

Jacques-Henri Jourdan. 2021. Flexible number of logical steps per physical step. https://gitlab.mpi-sws.org/iris/iris/-/merge_requests/595 Iris merge request 595

[29]

Ralf Jung. 2019. Logical Atomicity in Iris: The Good, the Bad, and the Ugly. https://people.mpi-sws.org/~jung/iris/logatom-talk-2019.pdf Presented at the Iris Workshop (

[30]

Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2018. RustBelt: Securing the foundations of the Rust programming language. PACMPL, 2, POPL (2018), 66:1–66:34. https://doi.org/10.1145/3158154

Digital Library

[31]

Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order ghost state. In ICFP. 256–269. https://doi.org/10.1145/2951913.2951943

Digital Library

[32]

Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. JFP, 28 (2018), e20. https://doi.org/10.1017/S0956796818000151

[33]

Ralf Jung, Rodolphe Lepigre, Gaurav Parthasarathy, Marianna Rapoport, Amin Timany, Derek Dreyer, and Bart Jacobs. 2020. The future is ours: prophecy variables in separation logic. PACMPL, 4, POPL (2020), 45:1–45:32. https://doi.org/10.1145/3371113

Digital Library

[34]

Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and invariants as an orthogonal basis for concurrent reasoning. In POPL. 637–650. https://doi.org/10.1145/2676726.2676980

Digital Library

[35]

Artem Khyzha, Alexey Gotsman, and Matthew J. Parkinson. 2016. A Generic Logic for Proving Linearizability. In FM (LNCS, Vol. 9995). 426–443. https://doi.org/10.1007/978-3-319-48989-6_26

[36]

Robbert Krebbers, Jacques-Henri Jourdan, Ralf Jung, Joseph Tassarotti, Jan-Oliver Kaiser, Amin Timany, Arthur Charguéraud, and Derek Dreyer. 2018. MoSeL: A general, extensible modal framework for interactive proofs in separation logic. PACMPL, 2, ICFP (2018), 77:1–77:30. https://doi.org/10.1145/3236772

Digital Library

[37]

Robbert Krebbers, Ralf Jung, Ales Bizjak, Jacques-Henri Jourdan, Derek Dreyer, and Lars Birkedal. 2017. The essence of higher-order concurrent separation logic. In ESOP (LNCS, Vol. 10201). 696–723. https://doi.org/10.1007/978-3-662-54434-1_26

Digital Library

[38]

Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017. Interactive proofs in higher-order concurrent separation logic. In POPL. 205–217. https://doi.org/10.1145/3093333.3009855

Digital Library

[39]

Morten Krogh-Jespersen, Kasper Svendsen, and Lars Birkedal. 2017. A relational model of types-and-effects in higher-order concurrent separation logic. In POPL. 218–231. https://doi.org/10.1145/3093333.3009877

Digital Library

[40]

Morten Krogh-Jespersen, Amin Timany, Marit Edna Ohlenbusch, Simon Oddershede Gregersen, and Lars Birkedal. 2020. Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems. In ESOP (LNCS, Vol. 12075). 336–365. https://doi.org/10.1007/978-3-030-44914-8_13

Digital Library

[41]

Hongjin Liang and Xinyu Feng. 2013. Modular verification of linearizability with non-fixed linearization points. In PLDI. 459–470. https://doi.org/10.1145/2491956.2462189

Digital Library

[42]

Glen Mével, Jacques-Henri Jourdan, and François Pottier. 2019. Time credits and time receipts in Iris. In ESOP (LNCS, Vol. 11423). 3–29. https://doi.org/10.1007/978-3-030-17184-1_1

[43]

Aleksandar Nanevski, Anindya Banerjee, Germán Andrés Delbianco, and Ignacio Fábregas. 2019. Specifying concurrent programs in separation logic: morphisms and simulations. PACMPL, 3, OOPSLA (2019), 161:1–161:30. https://doi.org/10.1145/3360587

Digital Library

[44]

Peter W. O’Hearn. 2007. Resources, concurrency, and local reasoning. TCS, 375, 1-3 (2007), 271–307. https://doi.org/10.1016/j.tcs.2006.12.035

Digital Library

[45]

Peter W. O’Hearn, John C. Reynolds, and Hongseok Yang. 2001. Local reasoning about programs that alter data structures. In CSL (LNCS, Vol. 2142). 1–19. https://doi.org/10.1007/3-540-44802-0_1

[46]

John C. Reynolds. 2002. Separation logic: A logic for shared mutable data structures. In LICS. 55–74. https://doi.org/10.1109/LICS.2002.1029817

[47]

Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2015. Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity. In ESOP (LNCS, Vol. 9032). 333–358. https://doi.org/10.1007/978-3-662-46669-8_14

Digital Library

[48]

Simon Spies, Lennard Gäher, Daniel Gratzer, Joseph Tassarotti, Robbert Krebbers, Derek Dreyer, and Lars Birkedal. 2021. Transfinite Iris: Resolving an existential dilemma of step-indexed separation logic. In PLDI. 80–95. https://doi.org/10.1145/3453483.3454031

Digital Library

[49]

Simon Spies, Lennard Gäher, Joseph Tassarotti, Ralf Jung, Robbert Rebbers, Lars Birkedal, and Derek Dreyer. 2022. Later credits Coq development and technical documentation. https://doi.org/10.5281/zenodo.6702804 Latest development at

Digital Library

[50]

Kasper Svendsen and Lars Birkedal. 2014. Impredicative concurrent abstract predicates. In ESOP (LNCS, Vol. 8410). 149–168. https://doi.org/10.1007/978-3-642-54833-8_9

Digital Library

[51]

Kasper Svendsen, Filip Sieczkowski, and Lars Birkedal. 2016. Transfinite step-indexing: Decoupling concrete and logical steps. In ESOP (LNCS, Vol. 9632). 727–751. https://doi.org/10.1007/978-3-662-49498-1_28

[52]

Nikhil Swamy, Aseem Rastogi, Aymeric Fromherz, Denis Merigoux, Danel Ahman, and Guido Martínez. 2020. SteelCore: an extensible concurrent separation logic for effectful dependently typed programs. PACMPL, 4, ICFP (2020), 121:1–121:30. https://doi.org/10.1145/3409003

Digital Library

[53]

Joseph Tassarotti, Ralf Jung, and Robert Harper. 2017. A higher-order logic for concurrent termination-preserving refinement. In ESOP (LNCS, Vol. 10201). 909–936. https://doi.org/10.1007/978-3-662-54434-1_34

Digital Library

[54]

Jacob Thamsborg and Lars Birkedal. 2011. A Kripke logical relation for effect-based program transformations. In ICFP. 445–456. https://doi.org/10.1145/2034773.2034831

Digital Library

[55]

Amin Timany, Léo Stefanesco, Morten Krogh-Jespersen, and Lars Birkedal. 2018. A logical relation for monadic encapsulation of state: proving contextual equivalences in the presence of runST. PACMPL, 2, POPL (2018), 64:1–64:28. https://doi.org/10.1145/3158152

Digital Library

[56]

Aaron Turon, Derek Dreyer, and Lars Birkedal. 2013. Unifying refinement and Hoare-style reasoning in a logic for higher-order concurrency. In ICFP. 377–390. https://doi.org/10.1145/2500365.2500600

Digital Library

[57]

Hengchu Zhang, Wolf Honoré, Nicolas Koh, Yao Li, Yishuai Li, Li-yao Xia, Lennart Beringer, William Mansky, Benjamin C. Pierce, and Steve Zdancewic. 2021. Verifying an HTTP Key-Value Server with Interaction Trees and VST. In ITP (LIPIcs, Vol. 193). 32:1–32:19. https://doi.org/10.4230/LIPIcs.ITP.2021.32

Cited By

Moine ACharguéraud APottier F(2025)Will it Fit? Verifying Heap Space Bounds of Concurrent Programs under Garbage CollectionACM Transactions on Programming Languages and Systems10.1145/3716312Online publication date: 10-Feb-2025
https://dl.acm.org/doi/10.1145/3716312
Vistrup MSammler MJung R(2025)Program Logics à la CarteProceedings of the ACM on Programming Languages10.1145/37048479:POPL(300-331)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704847
Vindum SGeorges ABirkedal LStark KTimany ABlazy STabareau N(2025)The Nextgen Modality: A Modality for Non-Frame-Preserving Updates in Separation LogicProceedings of the 14th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3703595.3705876(83-97)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3703595.3705876
Show More Cited By

Index Terms

Later credits: resourceful reasoning for the later modality
1. Theory of computation
  1. Logic
    1. Logic and verification
    2. Separation logic

Recommendations

Transfinite Iris: resolving an existential dilemma of step-indexed separation logic
PLDI 2021: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

Step-indexed separation logic has proven to be a powerful tool for modular reasoning about higher-order stateful programs. However, it has only been used to reason about safety properties, never liveness properties. In this paper, we observe that the ...
Step-Indexed Kripke Model of Separation Logic for Storable Locks

We present a version of separation logic for modular reasoning about concurrent programs with dynamically allocated storable locks and dynamic thread creation. The assertions of the program logic are modelled by a Kripke model over a recursively de. ned ...
ReLoC: A Mechanised Relational Logic for Fine-Grained Concurrency
LICS '18: Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science

We present ReLoC: a logic for proving refinements of programs in a language with higher-order state, fine-grained concurrency, polymorphism and recursive types. The core of our logic is a judgement e ⪯ e': τ, which expresses that a program e refines a ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 6, Issue ICFP

August 2022

959 pages

EISSN:2475-1421

DOI:10.1145/3554306

Editor:
Philip Wadler
University of Edinburgh, UK

Issue’s Table of Contents

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 August 2022

Published in PACMPL Volume 6, Issue ICFP

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Dutch Research Council (NWO)
NSF

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
590
Total Downloads

Downloads (Last 12 months)216
Downloads (Last 6 weeks)31

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Moine ACharguéraud APottier F(2025)Will it Fit? Verifying Heap Space Bounds of Concurrent Programs under Garbage CollectionACM Transactions on Programming Languages and Systems10.1145/3716312Online publication date: 10-Feb-2025
https://dl.acm.org/doi/10.1145/3716312
Vistrup MSammler MJung R(2025)Program Logics à la CarteProceedings of the ACM on Programming Languages10.1145/37048479:POPL(300-331)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704847
Vindum SGeorges ABirkedal LStark KTimany ABlazy STabareau N(2025)The Nextgen Modality: A Modality for Non-Frame-Preserving Updates in Separation LogicProceedings of the 14th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3703595.3705876(83-97)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3703595.3705876
Somers TKrebbers R(2024)Verified Lock-Free Session Channels with LinkingProceedings of the ACM on Programming Languages10.1145/36897328:OOPSLA2(588-617)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689732
Timany AKrebbers RDreyer DBirkedal L(2024)A Logical Approach to Type SoundnessJournal of the ACM10.1145/367695471:6(1-75)Online publication date: 11-Nov-2024
https://dl.acm.org/doi/10.1145/3676954
Aguirre AHaselwarter Pde Medeiros MLi KGregersen STassarotti JBirkedal L(2024)Error Credits: Resourceful Reasoning about Error Bounds for Higher-Order Probabilistic ProgramsProceedings of the ACM on Programming Languages10.1145/36746358:ICFP(284-316)Online publication date: 15-Aug-2024
https://dl.acm.org/doi/10.1145/3674635
Xia LIsrael LKramarz MColtharp NClaessen KWeirich SLi Y(2024)Story of Your Lazy Function’s Life: A Bidirectional Demand Semantics for Mechanized Cost Analysis of Lazy ProgramsProceedings of the ACM on Programming Languages10.1145/36746268:ICFP(30-63)Online publication date: 15-Aug-2024
https://dl.acm.org/doi/10.1145/3674626
Gäher LSammler MJung RKrebbers RDreyer D(2024)RefinedRust: A Type System for High-Assurance Verification of Rust ProgramsProceedings of the ACM on Programming Languages10.1145/36564228:PLDI(1115-1139)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656422
Mansky WDu K(2024)An Iris Instance for Verifying CompCert C ProgramsProceedings of the ACM on Programming Languages10.1145/36328488:POPL(148-174)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632848
Gondelman LHinrichsen JPereira MTimany ABirkedal L(2023)Verifying Reliable Network Components in a Distributed Separation Logic with Dependent Separation ProtocolsProceedings of the ACM on Programming Languages10.1145/36078597:ICFP(847-877)Online publication date: 31-Aug-2023
https://dl.acm.org/doi/10.1145/3607859
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Figures

Tables

Media

View Issue’s Table of Contents