Abstract
Weak memory models formalize the inconsistent behaviors that one can expect to observe in multithreaded programs running on modern hardware. In so doing, however, they complicate the already-difficult task of reasoning about correctness of concurrent code. Worse, they render impotent the sophisticated formal methods that have been developed to tame concurrency, which almost universally assume a strong (i.e. sequentially consistent) memory model.
This paper introduces GPS, the first program logic to provide a full-fledged suite of modern verification techniques (including ghost state, protocols, and separation logic) for high-level, structured reasoning about weak memory. We demonstrate the effectiveness of GPS by applying it to challenging examples drawn from the Linux kernel as well as lock-free data structures. We also define the semantics of GPS and prove in Coq that it is sound with respect to the axiomatic C11 weak memory model.
Supplemental Material
Available for download; see oopsla186.5.text for instructions.
GPS: navigating weak memory with ghosts, protocols, and separation. OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications.