This paper addresses the challenge of verifying contextual refinement for higher-order concurrent probabilistic programs under higher-order local state. To this end, we introduce Foxtrot—the first separation logic designed specifically for this setting, unifying reasoning about concurrency, probabilistic behavior, and higher-order state. Methodologically, built upon the Iris framework, Foxtrot innovatively incorporates tape-based pre-sampling modeling, ghost resources, and error-amplifying induction; notably, it is the first Iris-based logic to employ a variant of the Axiom of Choice to ensure logical soundness. All developments are fully mechanized in the Rocq proof assistant. Experimental evaluation establishes contextual refinements for von Neumann’s fair-coin algorithm and the `randombytes_uniform` function from the Sodium cryptographic library. This work provides the first scalable, formally verified logical foundation for contextual refinement verification of higher-order concurrent probabilistic programs.

We present Foxtrot, the first higher-order separation logic for proving contextual refinement of higher-order concurrent probabilistic programs with higher-order local state. From a high level, Foxtrot inherits various concurrency reasoning principles from standard concurrent separation logic, e.g. invariants and ghost resources, and supports advanced probabilistic reasoning principles for reasoning about complex probability distributions induced by concurrent threads, e.g. tape presampling and induction by error amplification. The integration of these strong reasoning principles is highly non-trivial due to the combination of probability and concurrency in the language and the complexity of the Foxtrot model; the soundness of the logic relies on a version of the axiom of choice within the Iris logic, which is not used in earlier work on Iris-based logics. We demonstrate the expressiveness of Foxtrot on a wide range of examples, including the adversarial von Neumann coin and the $mathsf{randombytes_uniform}$ function of the Sodium cryptography software library. All results have been mechanized in the Rocq proof assistant and the Iris separation logic framework.