Affiliation:
1. MPI-SWS, Germany
2. ETH Zurich, Switzerland / MPI-SWS, Germany
3. University of Waterloo, Canada / MPI-SWS, Germany
4. KU Leuven, Belgium
Abstract
Early in the development of Hoare logic, Owicki and Gries introduced auxiliary variables as a way of encoding information about the history of a program's execution that is useful for verifying its correctness. Over a decade later, Abadi and Lamport observed that it is sometimes also necessary to know in advance what a program will do in the future. To address this need, they proposed prophecy variables, originally as a proof technique for refinement mappings between state machines. However, despite the fact that prophecy variables are a clearly useful reasoning mechanism, there is (surprisingly) almost no work that attempts to integrate them into Hoare logic. In this paper, we present the first account of prophecy variables in a Hoare-style program logic that is flexible enough to verify logical atomicity (a relative of linearizability) for classic examples from the concurrency literature like RDCSS and the Herlihy-Wing queue. Our account is formalized in the Iris framework for separation logic in Coq. It makes essential use of ownership to encode the exclusive right to resolve a prophecy, which in turn enables us to enforce soundness of prophecies with a very simple set of proof rules.
Funder
Horizon 2020
Fonds Wetenschappelijk Onderzoek
Horizon 2020 Framework Programme
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality; Software
Cited by 39 articles.