Higher-Order Separation Logic in Isabelle/HOLCF

AbstractWe formalize higher-order separation logic for a first-order imperative language with procedures and local variables in Isabelle/HOLCF. The assertion language is modeled in such a way that one may use any theory defined in Isabelle/HOLCF to construct assertions, e.g., primitive recursion, least or greatest fixed points etc. The higher-order logic ensures that we can show non-trivial algorithms correct without having to extend the semantics of the language as was done previously in verifications based on first-order separation logic [Birkedal, L., N.T. Smith and J.C. Reynolds, Local reasoning about a copying garbage collector, in: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (2004), pp. 220–231; Yang, H., An example of local reasoning in BI pointer logic: the Schorr-Waite graph marking algorithm (2000)]. We provide non-trivial examples to support this claim and to show how the higher-order logic enables natural assertions in specifications. To support abstract reasoning we have implemented rules for representation hiding and data abstraction as seen in [Biering, B., L. Birkedal and N. Torp-Smith, BI-hyperdoctrines, higher-order separation logic, and abstraction, ACM Trans. Program. Lang. Syst. 29 (2007)].The logic is represented as lemmas for reasoning about the denotational semantics of the programming language. This follows the definitional approach common in HOL theorem provers, i.e., the soundness of our model only relies on the soundness of Isabelle/HOL [Gordon, M., Introduction to the HOL system, in: HOL Theorem Proving System and Its Applications, 1991., International Workshop on the, 1991, pp. 2–3].We use our formalization to give a formally verified proof of Cheney's copying garbage collector [Cheney, C.J., A nonrecursive list compacting algorithm, Commun. ACM 13 (1970), pp. 677–678] using a tagged representation of objects. The proof generalizes the results in [Birkedal, L., N.T. Smith and J.C. Reynolds, Local reasoning about a copying garbage collector, in: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (2004), pp. 220–231]. The proof uses an encoding of the separation logic formula this(h) to capture the heap from before the garbage collection and thus shows another novel use of higher-order separation logic