LNCS 10017 Atsushi Igarashi (Ed.) Programming Languages and Systems 14th Asian Symposium, APLAS 2016 Hanoi, Vietnam, November 21–23, 2016 Proceedings 123 Lecture Notes in Computer Science Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Zurich, Switzerland John C Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel C Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbrücken, Germany 10017 More information about this series at http://www.springer.com/series/7408 Atsushi Igarashi (Ed.) Programming Languages and Systems 14th Asian Symposium, APLAS 2016 Hanoi, Vietnam, November 21–23, 2016 Proceedings 123 Editor Atsushi Igarashi Kyoto University Kyoto Japan ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notes in Computer Science ISBN 978-3-319-47957-6 ISBN 978-3-319-47958-3 (eBook) DOI 10.1007/978-3-319-47958-3 Library of Congress Control Number: 2016954930 LNCS Sublibrary: SL2 – Programming and Software Engineering © Springer International Publishing AG 2016 This work is subject to copyright All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed The use of general descriptive names, registered names, trademarks, service marks, etc in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made Printed on acid-free paper This Springer imprint is published by Springer Nature The registered company is Springer International Publishing AG The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland Preface This volume contains the proceedings of the 14th Asian Symposium on Programming Languages and Systems (APLAS 2016), held in Hanoi, Vietnam, during November 21–23, 2016 APLAS aims to stimulate programming language research by providing a forum for the presentation of the latest results and the exchange of ideas in programming languages and systems APLAS is based in Asia, but is an international forum that serves the worldwide programming language community APLAS 2016 solicited submissions in two categories: regular research papers and system and tool presentations The topics covered in the conference include, but are not limited to: semantics, logics, and foundational theory; design of languages, type systems, and foundational calculi; domain-specific languages; compilers, interpreters, and abstract machines; program derivation, synthesis, and transformation; program analysis, verification, and model-checking; logic, constraint, probabilistic and quantum programming; software security; concurrency and parallelism; and tools for programming and implementation This year 53 papers were submitted to APLAS Each submission was reviewed by three or more Program Committee members with the help of external reviewers After thoroughly evaluating the relevance and quality of each paper, the Program Committee decided to accept 20 regular research papers and two system and tool presentations This year’s program also continued the APLAS tradition of invited talks by distinguished researchers: – Kazuaki Ishizaki (IBM Researh – Tokyo) on “Making Hardware Accelerator Easier to Use” – Frank Pfenning (CMU) on “Substructural Proofs as Automata” – Adam Chlipala (MIT) on “Fiat: A New Perspective on Compiling Domain-Specific Languages in a Proof Assistant” This program would not have been possible without the unstinting efforts of several people, whom I would like to thank First, the Program Committee and subreviewers for the hard work put in towards ensuring the high quality of the proceedings My thanks also go to the Asian Association for Foundation of Software (AAFS), founded by Asian researchers in cooperation with many researchers from Europe and the USA, for sponsoring and supporting APLAS I would like to warmly thank the Steering Committee in general and Quyet-Thang Huynh, Hung Nguyen, and Viet-Ha Nguyen for their support in the local organization and for organizing the poster session Finally, I am grateful to Andrei Voronkov, whose EasyChair system eased the processes of submission, paper selection, and proceedings compilation September 2016 Atsushi Igarashi Organization General Co-chairs Quyet-Thang Huynh Viet-Ha Nguyen Hanoi University of Science and Technology, Vietnam Vietnam National University, Vietnam Program Chair Atsushi Igarashi Kyoto University, Japan Program Committee Andreas Abel Walter Binder Sandrine Blazy Iliano Cervesato Bor-Yuh Evan Chang Kung Chen Yuxi Fu Atsushi Igarashi Oleg Kiselyov Anthony W Lin David Yu Liu Hidehiko Masuhara Bruno C.d.S Oliveira Nadia Polikarpova Alex Potanin G Ramalingam Quan-Thanh Tho Tamara Rezk Sukyoung Ryu Ulrich Schöpp Éric Tanter Tachio Terauchi Gothenburg University, Sweden University of Lugano, Switzerland University of Rennes 1, IRISA, France CMU, Qatar University of Colorado Boulder, USA National Chengchi University, Taipei, Taiwan Shanghai Jiao Tong University, China Kyoto University, Japan Tohoku University, Japan Yale-NUS College, Singapore SUNY Binghamton, USA Tokyo Institute of Technology, Japan The University of Hong Kong, Hong Kong, SAR China MIT, USA Victoria University of Wellington, New Zealand Microsoft Research, India Ho Chi Minh City University of Technology, Vietnam Inria, France KAIST, Korea Ludwig-Maximilians-Universität München, Germany University of Chile, Chile JAIST, Japan Poster Chair Hung Nguyen Hanoi University of Science and Technology, Vietnam VIII Organization Additional Reviewers Aotani, Tomoyuki Asakura, Izumi Bühler, David Cai, Xiaojuan Casinghino, Chris Deng, Yuxin Grigore, Radu Groves, Lindsay Hague, Matthew Kaki, Gowtham Kiefer, Stefan Lam, Edmund Soon Lee Laporte, Vincent Le, Xuan Bach Lengal, Ondrej Li, Guoqiang Liu, Annie Long, Huan Lu, Tianhan Madiot, Jean-Marie Meier, Shawn Moir, Mark Mover, Sergio Ng, Nicholas Patrignani, Marco Pearce, David Pérez, Jorge A Rosà, Andrea Salucci, Luca Springer, Matthias Stein, Benno Streader, David Suenaga, Kohei Sun, Haiyang Swierstra, Doaitse Tauber, Tomas Tekle, Tuncay Trivedi, Ashutosh Tsukada, Takeshi Wang, Meng Weng, Shu-Chun Wilke, Pierre Xie, Ningning Yang, Hongseok Yang, Yanpeng Zhang, Haoyuan Zheng, Yudi Invited Papers Making Hardware Accelerator Easier to Use Kazuaki Ishizaki IBM Research, Tokyo, Japan kiszk@acm.org Hardware accelerators such as general-purpose computing on graphics processing units (GPGPU), field-programmable gate array (FPGA), or application specific integrated circuit (ASIC) are becoming popular for accelerating computation-intensive workloads such as analytics, machine learning, or deep learning While such a hardware accelerator performs parallel computations faster by an order of magnitude, it is not easy for a non-expert programmer to use the accelerator because it is necessary to explicitly write and optimize low-level operations such as device managements and kernel routines While some programming languages or frameworks have introduced a set of parallel constructs with a lambda expression to easily describe a parallel program, it is executed on multi-core CPUs or multiple CPU nodes There are some implementations such as parallel stream APIs in Java or Apache Spark If a runtime system could automatically convert the parallel program into a set of low-level operations for the accelerator, it would be easy to use the accelerator and achieve high performance In this talk, we present our research that transparently exploits a successful hardware accelerator GPGPUs in a programming language or framework Our approach is to generate GPGPU code from a given program that explicitly expresses parallelism without accelerator-specific code This approach allows the programmer to avoid explicitly writing low-level operations for a specific accelerator First, we describe our compilation technique to generate GPGPU code from a parallel stream in Java We explain how to compile a Java program and what optimizations we apply It is available in IBM SDK, Java Technology Edition, Version We then describe our compilation technique to generate GPGPU code from a program in Apache Spark We explain how to compile a program for Apache Spark to generate GPGPU code and how to effectively execute the code 450 Z H´ ou and A Tiu Example Consider Reynolds’s semantics for separation logic [31], with an abstract points-to predicate of arity two This can be shown to be an instance of our abstract semantics, where the domain D is the set of integers, H is the set of heaps (i.e., finite partial maps from integers to integers), denotes the empty heap, and the function f2 is defined as f2 (a, b) = [a → b] where [a → b] is the singleton heap, mapping a to b The operation ◦ on H is defined as heap composition It can be shown that (H, ◦, ) forms a separation algebra Note that if we relax the interpretation of H to allow infinite heaps, (H, ◦, ) is still a separation algebra, which shows that our semantics may admit non-standard interpretations of separation logic LSF OASL: A Labelled Calculus for FOASL Let LVar be an infinite set of label variables, the set L of labels is LVar ∪ { }, where ∈ LVar is a label constant We overload the notation and write h with subscripts as labels A function ρ : L → H from labels to worlds is a label mapping iff it satisfies ρ( ) = , mapping the label constant to the identity world of H A labelled formula is a pair consisting of a label and a formula We write a labelled formula as h : A, when h is the label and A is the formula of the labelled formula A relational atom is an expression of the form (h1 , h2 h3 ), where h1 , h2 and h3 are labels, this corresponds to h1 ◦ h2 = h3 in the semantics A relational atom is not a formula; rather it can be thought of as a structural component of a sequent A sequent takes the form G; Γ Δ where G is a set of relational atoms, Γ, Δ are sets of labelled formulae, and ; denotes set union Thus Γ ; h : A is the union of Γ and {h : A} The left hand side of a sequent is the antecedent and the right hand side is the succedent We call our labelled proof system LSF OASL The logical rules of LSF OASL are shown in Fig 1, structural rules are in Fig To simplify some rules, we introduce the notation h1 ∼ h2 as an abbreviation of ( , h1 h2 ) We use the notation [t/x] to denote a variable substitution, and similarly [h /h] for a label substitution, where h is a label variable The equality rules, for terms (=1 and =2 ) and labels (∼1 and ∼2 ), are the usual equality rules (see e.g., [34]) These rules allow one to replace a term (label) with its equal anywhere in the sequent Note that in those rules, the replacement of terms (labels) need not be done for all occurrences of equal terms; one can replace just one occurrence or more For example, below left is a valid instance of =2 This is because both the premise and the conclusion of the rules are instances of the sequent below right: h : s = t; h1 : p(t, s) h2 : q(s, s) h : s = t; h1 : p(s, s) h2 : q(s, s) =2 h : s = t; h1 : p(x, s) h2 : q(s, s) i.e., the premise sequent is obtained from the above sequent with substitution [t/x], and the conclusion sequent with [s/x] A similar remark applies for label replacements in sequents affected via ∼2 The rules and respectively capture the injectivity and the totality properties of the underlying semantic function interpreting Completeness for a First-Order Abstract Separation Logic G; Γ ; h : A G; h ∼ ; Γ G; Γ ; h : A G; Γ (h1 , h2 Δ ∗ G; Γ ; h : h : B; Δ h0 ); G; Γ ; h1 : A; h2 : B (h1 , h2 h0 ); G; Γ Δ G; Γ ; h : A(y) Δ G; Γ ; h : t = t G; Γ Δ Δ Δ G; Γ ; h : s G; Γ t (h1 , h2 h0 ); G; Γ h2 : B; Δ −∗ R h2 : B; h0 : A ∗ B; Δ h2 ); G; Γ ; h0 : A−∗ B; h2 : B ∃R h : ∃x.A(x); Δ G; h : s = t; Γ [t/x] Δ[t/x] Δ[s/x] G; Γ =2 G; Γ ; h : A Δ G; Γ ; h : ♦A Δ h : A; h : ♦A; Δ G; Γ G; h1 ∼ h2 ; Γ ; h1 : s G; Γ ; h1 : s Δ Δ h : A(t); h : ∃x.A(x); Δ → L h0 : A−∗ B; Δ h0 ); G; Γ G; h : s = t; Γ [s/x] Δ Δ Δ h0 : A ∗ B; Δ (h1 , h0 G; Γ Δ G; Γ ; h : B h2 ); G; Γ ; h1 : A h2 ); G; Γ ; h0 : A−∗ B G; Γ =1 h : A; Δ ⊥L ∗R ;Δ G; Γ h1 : A; Δ ∃L ∗ : (h1 , h0 ∗L h1 : A; h0 : A ∗ B; Δ (h1 , h0 Δ G; Γ ; h : A → B Δ h2 ); G; Γ ; h0 : A−∗ B G; Γ ; h : ∃x.A(x) G; Γ G; Γ (h1 , h2 (h1 , h0 G; Γ ; h : ⊥ ∗L Δ → R h : A → B; Δ G; Γ ; h0 : A ∗ B id h : A; Δ 451 t; h2 : s t; h2 : s t h : ♦A; Δ t Δ ∗R −∗ L ♦L ♦R Δ Side conditions: In ∗L and −∗ R, the labels h1 and h2 not occur in the conclusion In ∃L, y is not free in the conclusion In ♦L, h does not occur in the conclusion In , h does not occur in the conclusion Fig Logical rules in LSF OASL h ∼ h; G; Γ G; Γ (h2 , h1 (h1 , h2 (h1 , h2 (h5 , h6 Δ Δ h0 ); (h1 , h2 ∼1 h0 ); G; Γ h1 ∼ h2 ; G[h2 /h]; Γ [h2 /h] Δ[h2 /h] h1 ∼ h2 ; G[h1 /h]; Γ [h1 /h] Δ[h1 /h] Δ Δ E (h1 , h1 (h1 , h2 h0 ); G; Γ (h3 , h5 h0 ); (h2 , h4 h5 ); (h1 , h2 h0 ); (h3 , h4 (h1 , h2 h0 ); (h3 , h4 h1 ); G; Γ h0 ); h0 ∼ h3 ; G; Γ h0 ); (h1 , h2 h1 ); (h7 , h8 h3 ); G; Γ Δ Δ P ∼2 h2 ); h1 ∼ ; G; Γ (h1 , h1 h2 ); G; Γ h1 ); G; Γ Δ Δ h2 ); (h5 , h7 h3 ); (h6 , h8 h4 ); (h1 , h2 (h1 , h2 h0 ); (h3 , h4 h0 ); G; Γ h0 ); G; Γ h0 ); (h3 , h4 Δ Side conditions: In A, the label h5 does not occur in the conclusion In CS, the labels h5 , h6 , h7 , h8 not occur in the conclusion Fig Structural rules in LSF OASL D A (h1 ,h2 h0 ); h2 ∼ h3 ; G; Γ (h1 ,h2 h0 ); (h1 , h3 Δ Δ Δ Δ h0 ); G; Γ C Δ CS 452 Z H´ ou and A Tiu An extended model (M, ρ) is a FOASL model M equipped with a label mapping ρ A sequent G; Γ Δ is falsifiable in an extended model if: (1) every relational atom (h1 , h2 h3 ) ∈ G is true, i.e., ρ(h1 ) ◦ ρ(h2 ) = ρ(h3 ); (2) every labelled formula h : A ∈ Γ is true, i.e., M, v, ρ(h) A; (3) every labelled formula h : B ∈ Δ is false, i.e., M, v, ρ(h ) B A sequent is falsifiable if it is falsifiable in some extended model To prove a formula F , we start from the sequent h : F with an arbitrary label h = , and try to derive a closed derivation by applying inference rules backwards from this sequent A derivation is closed if every branch can be closed by a rule with no premises The soundness of LSF OASL can be proved by arguing that each rule preserves falsifiability upwards The proof is given in [18] Theorem (Soundness) For every FOASL formula F , if h : F is derivable in LSF OASL for any label h, then F is a valid FOASL formula Counter-Model Construction We now give a counter-model construction for LSF OASL to show that LSF OASL is complete w.r.t FOASL The proof here is motivated by the completeness proof of the labelled sequent calculus and labelled tableaux for PASL [16,21], but this proof is significantly more complex, as can be seen in the definition of Hintikka sequent below, which has almost twice as many cases as the previous work The constructed model extends the non-classical logic model in the previous work with a Herbrand model as in first-order logic For space reasons we only set up the stage here and give the full proofs in [18] We define a notion of saturated sequent, i.e., Hintikka sequent, on which all possible rule instances in LSF OASL have been applied In the following, we denote with R a relational atom or a labelled formula Definition (Hintikka sequent) Let L be a FOASL language and let T be the set of closed terms in L A labelled sequent G; Γ Δ, where Γ, Δ are sets of labelled sentences, is a Hintikka sequent w.r.t L if it satisfies the following conditions for any sentences A, B, any terms t, t , and any labels h, h0 , h1 , h2 , h3 , h4 , h5 , h6 , h7 : If h1 : A ∈ Γ and h2 : A ∈ Δ then h1 ∼ h2 ∈ G h : ⊥ ∈ Γ If h : ∗ ∈ Γ then h ∼ ∈ G If h : ∗ ∈ Δ then h ∼ ∈ G If h : A → B ∈ Γ then h : A ∈ Δ or h : B ∈ Γ If h : A → B ∈ Δ then h : A ∈ Γ and h : B ∈ Δ If h0 : A ∗ B ∈ Γ then ∃h1 , h2 ∈ L s.t (h1 , h2 h0 ) ∈ G, h1 : A ∈ Γ and h2 : B If h3 : A ∗ B ∈ Δ then ∀h0 , h1 , h2 ∈ L if (h1 , h2 h0 ) ∈ G and h0 ∼ h3 ∈ G h1 : A ∈ Δ or h2 : B ∈ Δ If h3 : A−∗ B ∈ Γ then ∀h0 , h1 , h2 ∈ L if (h1 , h2 h0 ) ∈ G and h2 ∼ h3 ∈ G, h1 : A ∈ Δ or h0 : B ∈ Γ 10 If h2 : A−∗ B ∈ Δ then ∃h0 , h1 ∈ L s.t (h1 , h2 h0 ) ∈ G, h1 : A ∈ Γ h0 : B ∈ Δ ∈ Γ then then and Completeness for a First-Order Abstract Separation Logic 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 453 If h : ∃x.A(x) ∈ Γ then h : A(t) ∈ Γ for some t ∈ T If h : ∃x.A(x) ∈ Δ then h : A(t) ∈ Δ for every t ∈ T If h : ♦A ∈ Γ then ∃h1 ∈ L s.t h1 : A ∈ Γ If h : ♦A ∈ Δ then ∀h1 ∈ L, h1 : A ∈ Δ For any t ∈ T , ∃h ∈ L s.t h : t = t ∈ Γ If h1 : t = t ∈ Γ and h2 : A[t/x] ∈ Γ (h2 : A[t/x] ∈ Δ) then h2 : A[t /x] ∈ Γ (resp h2 : A[t /x] ∈ Δ) For any label h ∈ L, h ∼ h ∈ G If h1 ∼ h2 ∈ G and a relational atom or a labelled formula R[h1 /h] ∈ G ∪ Γ (resp R[h1 /h] ∈ Δ), then R[h2 /h] ∈ G ∪ Γ (resp R[h2 /h] ∈ Δ) If (h1 , h2 h0 ) ∈ G then (h2 , h1 h0 ) ∈ G If {(h1 , h2 h0 ); (h3 , h4 h6 ); h1 ∼ h6 } ⊆ G then ∃h5 ∈ L {(h3 , h5 h0 ), (h2 , h4 h5 )} ⊆ G If {(h1 , h2 h0 ); (h3 , h4 h9 ); h0 ∼ h9 } ⊆ G then ∃h5 , h6 , h7 , h8 ∈ L s.t {(h5 , h6 h1 ), (h7 , h8 h2 ), (h5 , h7 h3 ), (h6 , h8 h4 )} ⊆ G For every abstract points-to predicate k in the language and for any t1 , , tk ∈ T , ∃h ∈ L s.t h : t1 k t2 , , tk ∈ Γ If {h1 : s t, h2 : s t} ⊆ Γ then h1 ∼ h2 ∈ G If {(h1 , h3 h2 ), h1 ∼ h3 } ⊆ G then h1 ∼ ∈ G If {(h1 , h2 h0 ), (h4 , h5 h3 ), h1 ∼ h4 , h2 ∼ h5 } ⊆ G then h0 ∼ h3 ∈ G If {(h1 ,h2 h0 ), (h4 , h5 h3 ), h1 ∼ h4 , h0 ∼ h3 } ⊆ G then h2 ∼ h5 ∈ G The next lemma shows that we can build an extended FOASL model (M, ρ) where M = (D, I, v, F, H, ◦, ) that falsifies the Hintikka sequent G; Γ Δ The D, I part is a Herbrand model as in first-order logic The construction of the monoid (H, ◦, ) is similar to the one for PASL [16], where H is the set of equivalent classes of labels in the sequent The interpretation of the predicate is defined based the set of functions F For each n-ary predicate n , there is a function fn ∈ F defined as below: fn (t1 , · · · , tn ) = [h]G iff h : t1 n t2 , · · · , tn ∈ Γ and h ∼ h ∈ G where [h]G is the class of labels equivalent to h in G F is the set of all such functions By Condition 22 and 23 of the Hintikka sequent, each function in F must be a total function The full proof is in [18] Lemma (Hintikka’s Lemma) Suppose L is a FOASL language with a non-empty set of closed terms Every Hintikka sequent w.r.t L is falsifiable Then we show how to construct a Hintikka sequent for an unprovable formula using the proof system LSF OASL Unlike the usual procedure, we have to consider the rules with no (or more than one) principal formulae To this end, we define a notion of extended formulae as in the previous work [16]: ExF ::= F | ≡1 | ≡2 | →1 | →2 | E | A | CS | ≈1 | ≈2 | P | C | D Here, F is a FOASL formula, the other symbols correspond to the special rules in LSF OASL For example, ≡1 and ≡2 correspond to rules =1 and =2 ; →1 and →2 correspond to and ; ≈1 and ≈2 correspond to ∼1 and ∼2 The saturation procedure is performed according to a schedule, which is defined below 454 Z H´ ou and A Tiu Definition (Schedule) A rule instance is a tuple (O, h, ExF, R, S, n), where O is either (left) or (right), h is a label, ExF is an extended formula, R is a set of relational atoms such that |R| ≤ 2, S is a set of labelled formulae with |S| ≤ 2, and n is a natural number Let I denote the set of all rule instances A schedule is a function from natural numbers N to I A schedule φ is fair if for every rule instance I, the set {i | φ(i) = I} is infinite It is easy to verify that a fair schedule must exist This is proved by checking that I is a countable set [21], which follows from the fact that I is a finite product of countable sets We fix a fair schedule φ for the following proofs We assume the set L of labels is totally ordered and can be enumerated as h0 , h1 , h2 , · · · , where h0 = Similarly, we assume an infinite set of closed terms which can be enumerated as t0 , t1 , t2 , · · · , all of which are disjoint from the terms in F Suppose F is an unprovable formula, we start from the sequent h1 : F and construct an underivable sequent as below Definition Let F be a formula which is not provable in LSF OASL We assume that every variable in F is bounded, otherwise we can rewrite F so that unbounded variables are universally quantified We construct a series of finite sequents Gi ; Γi Δi i∈N from F where G1 = Γ1 = ∅ and Δ1 = a1 : F Suppose Gi ; Γi Δi has been defined, we define Gi+1 ; Γi+1 Δi+1 in the sequel Suppose φ(i) = (Oi , hi , ExFi , Ri , Si , ni ) When we use ni to select a term (resp label) in a formula (resp relational atom), we assume the terms (resp labels) are ordered from left to right If ni is greater than the number of terms in the formula (labels in the relational atom), then no effect is taken We only show a few cases here, and display this rather involved construction in the Appendix of [18] – If Oi = 0, ExFi is a FOASL formula Ci = F1 ∗ F2 and hi : Ci ∈ Γi , then Gi+1 = Gi ∪ {(h4i , h4i+1 hi )}, Γi+1 = Γi ∪ {h4i : F1 , h4i+1 : F2 }, Δi+1 = Δi – If ExFi is ≡1 and Si = {hi : tn = tn }, where n ≤ i + 1, then Gi+1 = Gi , Γi+1 = Γi ∪ {hi : tn = tn }, and Δi+1 = Δi – If ExFi is ≡2 and Si = {h : t = t , h : A[t/x]} ⊆ Γi , where x is the ni th term in A, then Gi+1 = Gi , Γi+1 = Γi ∪ {h : A[t /x]}, and Δi+1 = Δi – If ExFi is ≡2 and Si = {h : t = t , h : A[t/x]} where h : t = t ∈ Γi , h : A[t/x] ∈ Δi , and x is the ni th term in A Then Gi+1 = Gi , Γi+1 = Γi , and Δi+1 = Δi ∪ {h : A[t /x]} The first rule shows how to use the ∗L rule and how to deal with fresh variables The indexing of labels guarantees that the choice of h4i , h4i+1 , h4i+2 , h4i+3 are always fresh for the sequent Gi ; Γi Δi Similarly, the term ti+1 does Δi The second rule generates an identity not occur in the sequent Gi ; Γi equality relation for the term tn The last two rules find a formula h : A in the antecedent and succedent respectively, and replace t with t in A The construction in Definition non-trivially extends a similar construction of Hintikka CSS due to Larchey-Wendling [21] and a similar one in [16] We also borrow the notions of consistency and finite-consistency from Δ ⊆ G; Γ Δ iff G ⊆ G, Larchey-Wendling’s work [21] We say G ; Γ Completeness for a First-Order Abstract Separation Logic 455 Γ ⊆ Γ and Δ ⊆ Δ A sequent G; Γ Δ is finite if G, Γ, Δ are finite sets Define Δ ⊆f G; Γ Δ iff G ; Γ Δ ⊆ G; Γ Δ and G ; Γ Δ is finite If G ;Γ G; Γ Δ is a finite sequent, it is consistent iff it does not have a derivation in LSF OASL A (possibly infinite) sequent G; Γ Δ is finitely-consistent iff every Δ ⊆f G; Γ Δ is consistent G ;Γ We write Li for the set of labels occurring in the sequent Gi ; Γi Δi , and write Di for the set of terms which are disjoint from those in F in that sequent Thus L1 = {a1 } and D1 = ∅ The following lemma states some properties of the construction of the sequents Gi ; Γi Δi Lemma For any i ∈ N , the following properties hold: Gi ; Γi Δi has no derivation Li ⊆ {a0 , a1 , · · · , a4i−1 } Di ⊆ {t0 , t1 , · · · , ti } Gi ; Γi Δi ⊆f Gi+1 ; Γi+1 Δi+1 Given the construction of the series of sequents in Definition 3, we define a notion of a limit sequent as the union of every sequent in the series Definition (Limit sequent) Let F be a formula unprovable in LSF OASL The limit sequent for F is the sequent G ω ; Γ ω Δω where G ω = i∈N Gi and Δi is as defined in Γ ω = i∈N Γi and Δω = i∈N Δi and where Gi ; Γi Definition The last step is to show that the limit sequent is a Hintikka sequent, which gives rise to a counter-model of the formula that cannot be proved Lemma If F is a formula unprovable in LSF OASL , then the limit sequent for F is a Hintikka sequent Now we can finish the completeness theorem: whenever a FOASL formula has no derivation in LSF OASL , there is an infinite counter-model The theorem states the contraposition Theorem (Completeness) If F is valid in FOASL, then F is provable in LSF OASL Theories for → in Separation Logics Our predicate admits more interpretations than the standard → predicate in SL heap model semantics We can, however, approximate the behaviors of → by formulating additional properties of → as logical theories We show next some of the theories for → arising in various SL semantics 456 5.1 Z H´ ou and A Tiu Reynolds’s Semantics The → predicate in Reynolds’s semantics can be formalized as follows, where the store s is a total function from variables to values, and the heap h is a finite partial function from addresses to values: s, h x → y iff dom(h) = {s(x)} and h(s(x)) = s(y) Here we tackle the problem indirectly from the abstract separation logic angle We give the following theories to approximate the semantics of → in SL: ∀e1 , e2 (e1 → e2 ) ∧ ∗ → ⊥ ∀e1 , e2 (e1 → e2 ) → ¬(¬ ∗ ∗ ¬ ∀e1 , e2 , e3 , e4 (e1 → e2 ) ∗ (e3 → e4 ) → ¬(e1 = e3 ) ∀e1 , e2 , e3 , e4 (e1 → e2 ) ∧ (e3 → e4 ) → (e1 = e3 ) ∧ (e2 = e4 ) ∀e1 , e2 (e1 → e2 ) → (e1 e2 ) ∃e1 ∀e2 ¬((e1 → e2 )−∗ ⊥) ∗ ) Note that the opposite direction (e1 e2 ) → (e1 → e2 ) does not necessarily hold because is weaker than → The above theories intend to capture the inference rules for → in LSSL [17], the captured rules are given in Fig The first five formulae simulate the rules → L1 , → L2 , → L3 , → L4 , and HE respectively The rule → L5 can be derived by and Formula G; Γ ; : e1 → e2 → L1 ( , h0 h0 ); G[ /h1 , h0 /h2 ]; Γ [ /h1 , h0 /h2 ]; h0 : e1 → e2 Δ[ /h1 , h0 /h2 ] (h0 , h0 ); G[ /h2 , h0 /h1 ]; Γ [ /h2 , h0 /h1 ]; h0 : e1 → e2 Δ[ /h2 , h0 /h1 ] (h1 , h2 (h1 , h2 Δ h0 ); G; Γ ; h0 : e1 → e2 h0 ); G; Γ ; h1 : e → e1 ; h2 : e → e2 G[h1 /h2 ]; Γ [h1 /h2 ]; h1 : e1 → e2 Δ Δ[h1 /h2 ] G; Γ ; h1 : e1 → e2 ; h2 : e1 → e2 Δ → L3 → L5 Side conditions: Each label being substituted cannot be In HE, h0 occurs in conclusion, h1 , h2 , e1 are fresh Δ G; Γ θ; h : e1 θ → e2 θ → L2 Δθ G; Γ ; h : e1 → e2 ; h : e3 → e4 (h1 , h0 h2 ); G; Γ ; h1 : e1 → e2 G; Γ Δ Δ Δ → L4 HE In → L4 , θ = mgu({(e1 , e3 ), (e2 , e4 )}) Fig Points-to rules in LSSL Lemma The inference rules in Fig are admissible in LSF OASL when Formula 1–6 are assumed true The validity of Formula 1–6 w.r.t Reynolds’s SL model is easy to check, the rationale is similar to the soundness of corresponding rules in LSSL [17] Therefore Reynolds’s SL is an instance of our logic Lemma Formula 1–6 are valid in Reynolds’s SL semantics Completeness for a First-Order Abstract Separation Logic 457 The rules in Fig cover most of the rules for → in LSSL [17], but we have not found a way to handle the following rule (with two premises): (h1 , h2 h0 ); G; Γ Δ (h3 , h4 h1 ); (h5 , h6 h2 ); G; Γ ; h3 : e1 → e2 ; h5 : e1 → e3 G; Γ Δ Δ HC The rule HC effectively picks two arbitrary heaps h1 and h2 , and does a case split of whether they can be combined or not This rule seems to require more expressiveness than our logic However, the above formulae cover most of properties about → that existing tools for SL can handle, including the treatments in [17] and those for symbolic heaps [2] 5.2 Vafeiadis and Parkinson’s SL Vafeiadis and Parkinson’s SL [35] is almost the same as Reynolds’s definition, but they only consider values as addresses This is a common setting in many applications, such as [14] In this setting, the following formula is valid: ∗ → ¬((e1 → e2 )−∗ ¬(e1 → e2 )) This formula, however, is invalid in Reynolds’s SL Obviously Formula to are valid in Vafeiadis and Parkinson’s SL, thus their logic is also an instance of our abstract logic To cater for the special feature, we propose a formula for “total addressability”: ∀e1 , e2 ♦(e1 → e2 ) This formula ensures that there must exist a heap (e1 → e2 ) no matter what values e1 , e2 have This is sound because in Vafeiadis and Parkinson’s SL, e1 must denote a valid address, thus h with dom(h) = {s(e1 )} and h(s(e1 )) = s(e2 ), where s is the store, must be a legitimate function, which by definition is a heap 5.3 Lee et al.’s SL Lee et al.’s proof system for SL corresponds to a non-standard semantics (although they used Reynolds’s semantics in their paper) [25] While there is not a reference of a formal definition of their non-standard semantics, their inference rule −∗ Disj suggests that they forbid “incompatible heaps” For example, if there exists a heap e1 → e2 , then there shall not exist another heap (e1 → e3 ), where e2 = e3 Their −∗ Disj rule can help derive the following formula, which is invalid in Reynolds’s SL: (((e1 → e2 ) ∗ )−∗ ⊥) ∨ (((e1 → e3 ) ∗ )−∗ ¬((e1 → e2 )−∗ ⊥)) ∨ (e2 = e3 ) If we assume that the above non-standard semantics conform with Reynolds’s SL in other aspects (as validated by Formula 1–6), then it can be seen as a special instance of our abstract logic The compatibility property can then be formulated as follows: ∀e1 , e2 ♦(e1 → e2 ) → ¬(∃e3 ¬(e2 = e3 ) ∧ ♦(e1 → e3 )) With Formula we can prove the invalid formula above 458 Z H´ ou and A Tiu 5.4 Thakur et al.’s SL There are SL variants that forbid heaps with cyclic lists, for example, the one defined by Thakur et al [33] Consequently, the following two formulae are unsatisfiable in their SL: e1 → e1 e1 → e2 ∗ e2 → e1 To formulate this property, we first define a notion of a path: ∀e1 , e2 (path(e1 , e2 ) ≡ e1 → e2 ∨ (∃e3 (e1 → e3 ) ∗ path(e3 , e2 ))) where ≡ denotes logical equivalence (bi-implication) Now the property of “acyclism” can be formulated as ∀e1 , e2 (path(e1 , e2 ) → e1 = e2 ) which renders cyclic paths unsatisfiable in our logic, too Note that since our proof system does not support inductive definitions, we cannot force the interpretation of path to be the least fixed point of its definition We leave the incorporation of inductive definitions to future work Implementation and Experiment Our theorem prover for FOASL extends our previous prover for Reynolds’s SL [17] with the ability to handle (non-inductive) predicates and modalities To speed up proof search, instead of implementing =2 and ∼2 , we use the following rules: G; Γ [s/t] Δ[s/t] G; h : s = t; Γ Δ =2 where θ = [h1 /h2 ] if h2 = Gθ; Γ θ Δθ h1 ∼ h2 ; G; Γ Δ ∼2 and θ = [h2 /h1 ] otherwise These two rules can be shown to be interchangeable with =2 and ∼2 One direction, i.e., showing that =2 and ∼2 can be derived in FOASL, is straightforward The other direction requires some further justification Let LSF OASL be LSF OASL with =2 and ∼2 replaced by =2 and ∼2 respectively, we then need to show that =2 and ∼2 are admissible in LSF OASL To prove this, we follow a similar proof for free-equality rules for first-order terms by Schroeder-Heister [32] The key part in that proof is in showing that provability is closed under substitutions In our setting, we need to show that LSF OASL is closed under both term substitutions and label substitutions, which are stated below Lemma If G; Γ Δ is derivable in LSF OASL , then so is G; Γ [s/t] for any terms s and t Δ[s/t] Lemma If G; Γ Δ is derivable in LSF OASL , then so is G[h1 /h2 ]; Γ [h1 /h2 ]Δ[h1 /h2 ] for any label h1 and label variable h2 Completeness for a First-Order Abstract Separation Logic 459 Note that by restricting h2 to a label variable, we forbid to be substituted in the above lemma These two lemmas require induction on the height of derivations, and routine checks confirm that they both hold Then it is a corollary that =2 and ∼2 are admissible in LSF OASL Since the heap model is widely used, our prover also includes useful rules to reason in the heap model, such as the derived rules in Fig But we currently have not included the HC rule in our proof search procedure Since many applications of SL involve reasoning about invalid addresses, such as nil, we also add a theory to capture a simple aspect of the invalid address nil: 10 ∀e.(nil → e) → ⊥ Since the current prover is an extension of our previous prover, it builds in the inference rules for linked lists and binary trees for reasoning about the symbolic heap fragment of SL It is also capable of proving theorems used in verification of a tail-recursive append function [26], as shown in [17] However, we not exploit these aspects here We illustrate a list of formulae provable by our prover in Table Formulae 1–4 are examples drawn from Galmiche and M´ery’s work on resource graph Table Experiment on selected formulae Formula Time (( −∗ (((k → c, d)−∗ (l → a, b)) → (l → a, b))) → (l → a, b)) < 0.001s ((∃x2 ((∃x1 ((x2 → x1 , b) → ⊥)) → ⊥)) → (∃x3 (x3 → a, b))) ((( ((∃x3 x2 x1 (((x3 → a, x2 ) ∗ (x1 → c, d)) ∧ x2 = x1 )) → (∃x5 x4 ((x4 → c, d) ∗ (x5 → a, x4 )))) < 0.001s ((((e1 → e2 ) ∗ ) ∧ (((e3 → e4 ) ∗ )∧ (((e5 → e6 ) ∗ ) ∧ (¬(e1 = e3 ) ∧ (¬(e1 = e5 ) ∧ ¬(e3 = e5 )))))) → (((e1 → e2 ) ∗ ((e3 → e4 ) ∗ (e5 → e6 ))) ∗ )) 0.9s ((((e1 → e2 ) ∗ ¬((e3 → e4 ) ∗ ¬((¬ ((¬(((l1 → p) ∗ (l2 → q))−∗ (¬(l3 → r)))) → (¬((l1 → p)−∗ (¬(¬((l2 → q)−∗ (¬(l3 → r)))))))) < 0.001s ((¬((l1 → p)−∗ (¬(¬((l2 → q)−∗ (¬(l3 → r))))))) → (¬(((l1 → p) ∗ (l2 → q))−∗ (¬(l3 → r))))) < 0.001s ∗ → ⊥) → ⊥) → ((∃x1 ((x1 → a, b) ∗ ∗ ∗¬ ∗ )) → ⊥)) )) ∧ ((e3 → e4 ) ∗ )) → e1 = e3 ) )−∗ ⊥) < 0.001s 0.0015s 10 ((¬((lx → ly)−∗ (¬((l1 → p) ∗ (l2 → q))))) → (¬((¬((¬((lx → ly)−∗ (¬(l1 → p)))) ∗ ((l2 → q)∧ (¬(∃x1 ((lx → x1 ) ∗ )))))) ∧ (¬((¬((lx → ly)−∗ (¬(l2 → q)))) ∗ ((l1 → p) ∧ (¬(∃x2 ((lx → x2 ) ∗ ))))))))) 11 ((∀x2 x1 ♦(x2 → x1 )) → ( < 0.001s < 0.001s ∗ → ¬((e1 → e2 )−∗ ¬(e1 → e2 )))) 12 ((∀x3 x2 (♦(x3 → x2 ) → ¬(∃x1 (¬(x2 = x1) ∧ ♦(x3 → x1 ))))) → ((((e1 → e2 ) ∗ )−∗ ⊥) ∨ ((((e1 → e3 ) ∗ )−∗ ¬((e1 → e2 )−∗ ⊥)) ∨e2 = e3 ))) < 0.001s < 0.001s 0.0025s 460 Z H´ ou and A Tiu tableaux for SL [15] Formula is a property about overlaid data structures: if the current heap contains (e1 → e2 ) and (e3 → e4 ) and (e5 → e6 ), and they are pairwise distinct, then the current heap contains the combination of the three heaps Formula says that if the current heap can be split into two parts, one is (e1 → e2 ) and the other part does not contain (e3 → e4 ), and the current heap contains (e3 → e4 ), then we deduce that (e3 → e4 ) and (e1 → e2 ) must be the same heap, therefore e1 = e3 Formula says that any heap can be combined with a composite heap We give a derivation of formula in Appendix A Formulae 8–10 are properties of “septraction” in SL with Rely-Guarantee [35] Finally, formulae 11 and 12 show that our prover can easily support reasoning about Vafeiadis and Parkinson’s SL (cf Sect 5.2) and Lee et al.’s SL (cf Sect 5.3) by simply adding the corresponding theories as assumptions This is a great advantage over our previous work where new rules have to be implemented to extend the ability of the prover To our knowledge most existing provers for SL cannot prove the formulae in Table Examples of larger formulae used in program verification can be found in the experiment of our previous prover [17], upon which this prover is built Conclusion This paper presents a first-order abstract separation logic with modalities This logic is rich enough to express formulae in real-world applications such as program verification We give a sound and complete labelled sequent calculus for this logic The completeness of the finite calculus implies that our logic is recursively enumerable To deal with →, we give a set of formulae to approximate the semantics of memory model Of course, we cannot fully simulate →, but we can handle most properties about → compared with existing tools for SL Moreover, we can prove numerous formulae that many existing tools for SL cannot handle The techniques discussed in this paper are demonstrated in a rather flexible theorem prover which supports automated reasoning in different SL variants without any change to the implementation With this foundation, one can simply add formulae as “assumption”, and prove theorems that cannot be proved in the base logic Acknowledgments This research is supported by the National Research Foundation, Prime Minister’s Office, Singapore under its National Cybersecurity R&D Program (Award No NRF2014NCR-NCR001-30) and administered by the National Cybersecurity R&D Directorate A An Example Derivation We sometimes write r × n when it is obvious that the rule r is applied n times We omit some formulae to save space The derivation is given in the next page The sub-derivation Π1 is similar to Π2 ∗R id · · · ; : e3 → e4 : e3 → e4 ; · · · ∧R : (e3 → e4 ) ∧ ∗ ; · · · · · · ; : ⊥; : e3 → e4 · · · ∗ · · · ; : ((e3 → e4 ) ∧ ) → ⊥; : e3 → e4 · · · ∀L × · · · ; : ∀e1 , e2 ((e1 → e2 ) ∧ ∗ ) → ⊥; : e3 → e4 · · · L on Formula · · · ; : e3 → e4 · · · Eq1 ( , h3 ); · · · ; h3 : e3 → e4 · · · ∗L · · · ; h3 : e3 → e4 ; h3 : ∗ · · · ¬R · · · ; h3 : e3 → e4 h3 : ¬ ∗ ; · · · Π1 ∗R ⊥L · · · ; h4 : ⊥ · · · (h3 , h1 h5 ); · · · ; h1 : e1 → e2 ; h3 : e3 → e4 h5 : ((¬ ∗ ) ∗ (¬ ∗ )); · · · −∗ L ∗ ∗ (h5 , h0 h4 ); (h3 , h1 h5 ); · · · ; h0 : ((¬ ) ∗ (¬ ))−∗ ⊥; h1 : (e1 → e2 ); h3 : (e3 → e4 ) · · · E (h0 , h5 h4 ); (h3 , h1 h5 ); · · · ; h0 : ((¬ ∗ ) ∗ (¬ ∗ ))−∗ ⊥; h1 : (e1 → e2 ); h3 : (e3 → e4 ) · · · A (h0 , h1 h2 ); (h2 , h3 h4 ); · · · ; h0 : ((¬ ∗ ) ∗ (¬ ∗ ))−∗ ⊥; h1 : (e1 → e2 ); h3 : (e3 → e4 ) · · · E×2 ∗ ∗ (h1 , h0 h2 ); (h3 , h2 h4 ); · · · ; h0 : ((¬ ) ∗ (¬ ))−∗ ⊥; h1 : (e1 → e2 ); h3 : (e3 → e4 ) h4 : ⊥; h2 : ⊥ −∗ R ∗ ∗ (h1 , h0 h2 ); · · · ; h0 : ((¬ ) ∗ (¬ ))−∗ ⊥; h1 : (e1 → e2 ) h2 : (e3 → e4 )−∗ ⊥; h2 : ⊥ ¬L (h1 , h0 h2 ); · · · ; h2 : ¬((e3 → e4 )−∗ ⊥); h0 : ((¬ ∗ ) ∗ (¬ ∗ ))−∗ ⊥; h1 : (e1 → e2 ) h2 : ⊥ ∀L (h1 , h0 h2 ); · · · ; h2 : ∀e2 ¬((e3 → e2 )−∗ ⊥); h0 : ((¬ ∗ ) ∗ (¬ ∗ ))−∗ ⊥; h1 : (e1 → e2 ) h2 : ⊥ ∃L ∗ ∗ (h1 , h0 h2 ); · · · ; h2 : ∃e1 ∀e2 ¬((e1 → e2 )−∗ ⊥); h0 : ((¬ ) ∗ (¬ ))−∗ ⊥; h1 : (e1 → e2 ) h2 : ⊥ L on Formula ∗ ∗ (h1 , h0 h2 ); · · · ; h0 : ((¬ ) ∗ (¬ ))−∗ ⊥; h1 : (e1 → e2 ) h2 : ⊥ −∗ R ∗ ∗ · · · ; h0 : ((¬ ) ∗ (¬ ))−∗ ⊥ h0 : (e1 → e2 )−∗ ⊥ ¬L · · · ; h0 : ¬((e1 → e2 )−∗ ⊥); h0 : ((¬ ∗ ) ∗ (¬ ∗ ))−∗ ⊥ ∀L · · · ; h0 : ∀e2 ¬((e1 → e2 )−∗ ⊥); h0 : ((¬ ∗ ) ∗ (¬ ∗ ))−∗ ⊥ ∃L ∗ ∗ · · · ; h0 : ∃e1 ∀e2 ¬((e1 → e2 )−∗ ⊥); h0 : ((¬ ) ∗ (¬ ))−∗ ⊥ L on Formula ∗ ∗ ; h0 : A; h0 : ((¬ ) ∗ (¬ ))−∗ ⊥ ¬R ; h0 : A h0 : ¬(((¬ ∗ ) ∗ (¬ ∗ ))−∗ ⊥) → R ; h0 : A → ¬(((¬ ∗ ) ∗ (¬ ∗ ))−∗ ⊥) · · · ; : e3 → e4 : ∗ ··· · · · ; : e3 → e4 → L ⊥L Completeness for a First-Order Abstract Separation Logic 461 462 Z H´ ou and A Tiu References Berdine, J., Calcagno, C., O’Hearn, P.W.: Smallfoot: modular automatic assertion checking with separation logic In: Boer, F.S., Bonsangue, M.M., Graf, S., Roever, W.-P (eds.) FMCO 2005 LNCS, vol 4111, pp 115–137 Springer, Heidelberg (2006) doi:10.1007/11804192 Berdine, J., Calcagno, C., O’Hearn, P.W.: Symbolic Execution with Separation Logic In: Yi, K (ed.) APLAS 2005 LNCS, vol 3780, pp 52–68 Springer, Heidelberg (2005) doi:10.1007/11575467 Brochenin, R., Demri, S., Lozes, E.: On the almighty wand Inf Comput 211, 106–137 (2012) Brookes, S.: A semantics for concurrent separation logic Theor Comput Sci 375(1–3), 227–270 (2007) Brotherston, J.: A unified display proof theory for bunched logic ENTCS 265, 197–211 (2010) Brotherston, J., Distefano, D., Petersen, R.L.: Automated cyclic entailment proofs in separation logic In: Bjørner, N., Sofronie-Stokkermans, V (eds.) CADE 2011 LNCS (LNAI), vol 6803, pp 131–146 Springer, Heidelberg (2011) doi:10.1007/ 978-3-642-22438-6 12 Brotherston, J., Kanovich, M.: Undecidability of propositional separation logic and its neighbours J ACM 61(2), 14:1–14:43 (2014) doi:10.1145/2542667 Brotherston, J., Villard, J.: Parametric completeness for separation theories In: POPL, pp 453–464 ACM (2014) Calcagno, C., O’Hearn, P.W., Yang, H.: Local action and abstract separation logic In: LICS, pp 366–378 IEEE (2007) 10 Calcagno, C., Yang, H., O’Hearn, P.W.: Computability and Complexity Results for a Spatial Assertion Language for Data Structures In: Hariharan, R., Vinay, V., Mukund, M (eds.) FSTTCS 2001 LNCS, vol 2245, pp 108–119 Springer, Heidelberg (2001) doi:10.1007/3-540-45294-X 10 11 Demri, S., Deters, M.: Expressive completeness of separation logic with two variables and no separating conjunction In: CSL/LICS (2014) 12 Demri, S., Galmiche, D., Larchey-Wendling, D., M´ery, D.: Separation logic with ´ Vereshchagin, one quantified variable In: Hirsch, E.A., Kuznetsov, S.O., Pin, J.E., N.K (eds.) CSR 2014 LNCS, vol 8476, pp 125–138 Springer, Heidelberg (2014) doi:10.1007/978-3-319-06686-8 10 13 Dockins, R., Hobor, A., Appel, A.W.: A fresh look at separation algebras and share accounting In: Hu, Z (ed.) APLAS 2009 LNCS, vol 5904, pp 161–177 Springer, Heidelberg (2009) doi:10.1007/978-3-642-10672-9 13 14 Galmiche, D., M´ery, D., Pym, D.: The semantics of BI and resource tableaux MSCS 15(6), 1033–1088 (2005) 15 Galmiche, D., M´ery, D.: Tableaux and resource graphs for separation logic J Logic Comput 20(1), 189–231 (2010) 16 H´ ou, Z., Clouston, R., Gor´e, R., Tiu, A.: Proof search for propositional abstract separation logics via labelled sequents In: POPL (2014) 17 H´ ou, Z., Gor´e, R., Tiu, A.: Automated theorem proving for assertions in separation logic with all connectives In: Felty, A.P., Middeldorp, A (eds.) CADE 2015 LNCS (LNAI), vol 9195, pp 501–516 Springer, Heidelberg (2015) doi:10.1007/ 978-3-319-21401-6 34 18 H´ ou, Z., Tiu, A.: Completeness for a first-order abstract separation logic [cs.LO] (2016) arXiv: 1608.06729 Completeness for a First-Order Abstract Separation Logic 463 19 Jensen, J.B., Birkedal, L.: Fictional separation logic In: Seidl, H (ed.) ESOP 2012 LNCS, vol 7211, pp 377–396 Springer, Heidelberg (2012) doi:10.1007/ 978-3-642-28869-2 19 20 Krishnaswami, N.R.: Reasoning about iterators with separation logic In: SAVCBS, pp 83–86 ACM (2006) 21 Larchey-Wendling, D.: The formal strong completeness of partial monoidal Boolean BI JLC 26(2), 605–640 (2014) 22 Larchey-Wendling, D., Galmiche, D.: Exploring the relation between intuitionistic BI and Boolean BI: an unexpected embedding MSCS 19(3), 435–500 (2009) 23 Larchey-Wendling, D., Galmiche, D.: The undecidability of Boolean BI through phase semantics In: LICS, pp 140–149 (2010) 24 Larchey-Wendling, D., Galmiche, D.: Looking at separation algebras with Boolean BI-eyes In: Diaz, J., Lanese, I., Sangiorgi, D (eds.) TCS 2014 LNCS, vol 8705, pp 326–340 Springer, Heidelberg (2014) doi:10.1007/978-3-662-44602-7 25 25 Lee, W., Park, S.: A proof system for separation logic with magic wand In: POPL, pp 477–490 ACM (2014) 26 Maeda, T., Sato, H., Yonezawa, A.: Extended alias type system using separating implication In: TLDI, pp 29–42 ACM (2011) 27 P´erez, J.A.N., Rybalchenko, A.: Separation logic + superposition calculus = heap theorem prover In: PLDI ACM (2011) 28 O’Hearn, P.W., Pym, D.J.: The logic of bunched implications BSL 5(2), 215–244 (1999) 29 O’Hearn, P., Reynolds, J., Yang, H.: Local Reasoning about Programs that Alter Data Structures In: Fribourg, L (ed.) CSL 2001 LNCS, vol 2142, pp 1–19 Springer, Heidelberg (2001) doi:10.1007/3-540-44802-0 30 Park, J., Seo, J., Park, S.: A theorem prover for Boolean BI In: POPL 2013, New York, NY, USA, pp 219–232 (2013) 31 Reynolds, J.C.: Separation logic: a logic for shared mutable data structures In: LICS, pp 55–74 IEEE (2002) 32 Schroeder-Heister, Peter: Definitional reflection and the completion In: Dyckhoff, Roy (ed.) ELP 1993 LNCS, vol 798, pp 333–347 Springer, Heidelberg (1994) doi:10.1007/3-540-58025-5 65 33 Thakur, A., Breck, J., Reps, T.: Satisfiability modulo abstraction for separation logic with linked lists In: SPIN 2014, pp 58–67 (2014) 34 Troelstra, A.S., Schwichtenberg, H.: Basic Proof Theory Cambridge University Press, New York (1996) 35 Vafeiadis, V., Parkinson, M.: A marriage of rely/guarantee and separation logic In: Caires, L., Vasconcelos, V.T (eds.) CONCUR 2007 LNCS, vol 4703, pp 256–271 Springer, Heidelberg (2007) doi:10.1007/978-3-540-74407-8 18 Author Index Abe, Tatsuya 63 Accattoli, Beniamino 206 Arai, Ryoya 148 Balat, Vincent 377 Bi, Xuan 251 Binder, Walter 139 Maeda, Toshiyuki 63 Narasimhan, Priya 42 Nguyen, Nam 87 Oh, Hakjoo 25 Oliveira, Bruno C.d.S 251 Cha, Sooyoung 25 Chen, Lydia Y 139 Chin, Wei-Ngan 423 Pfenning, Frank de’Liguoro, Ugo 187 DeYoung, Henry Dougherty, Daniel J 187 Raad, Azalea 314, 401 Radanne, Gabriel 377 Rosà, Andrea 139 Fragoso Santos, José 401 Sato, Shigeyuki 148 Scagnetto, Ivan 229 Stadtmüller, Kai 116 Stolze, Claude 187 Sudo, Yuto 271 Sulzmann, Martin 116 Sumii, Eijiro 171 Gandhi, Rajeev 42 Gardner, Philippa 314, 401 Guerrieri, Giulio 206 Hobor, Aquinas 314 Honsell, Furio 229 Horne, Ross 87 Hóu, Zhé 444 Hüttel, Hans 96 Iwasaki, Hideya 148 Jeong, Sehun 25 Tan, Jiaqi 42 Tatsuta, Makoto 423 Tay, Hui Jun 42 Terao, Taku 295 Thiemann, Peter 116 Tiu, Alwen 87, 444 Tsukada, Takeshi 295, 335 Kameyama, Yukiyoshi 271 Kiselyov, Oleg 271, 357 Kobayashi, Naoki 295, 335 Villard, Jules 314 Vouillon, Jérôme 377 Le, Quang Loc 423 Lenisa, Marina 229 Liquori, Luigi 187, 229 Yachi, Taichi 171 Yang, Yanpeng 251 Yasukata, Kazuhide 335 ... Switzerland Preface This volume contains the proceedings of the 14th Asian Symposium on Programming Languages and Systems (APLAS 2016) , held in Hanoi, Vietnam, during November 21–23, 2016 APLAS. .. http://www.springer.com/series/7408 Atsushi Igarashi (Ed.) Programming Languages and Systems 14th Asian Symposium, APLAS 2016 Hanoi, Vietnam, November 21–23, 2016 Proceedings 123 Editor Atsushi Igarashi Kyoto... aims to stimulate programming language research by providing a forum for the presentation of the latest results and the exchange of ideas in programming languages and systems APLAS is based in