skip to main content
research-article
Open Access

A verified messaging system

Published:12 October 2017Publication History
Skip Abstract Section

Abstract

We present a concurrent-read exclusive-write buffer system with strong correctness and security properties. Our motivating application for this system is the distribution of sensor values in a multicomponent vehicle-control system, where some components are unverified and possibly malicious, and other components are vehicle-control-critical and must be verified. Valid participants are guaranteed correct communication (i.e., the writer is always able to write to an unused buffer, and readers always read the most recently published value), while invalid readers or writers cannot compromise the correctness or liveness of valid participants. There is only one writer, all operations are wait-free, and there is no extra process or thread mediating communication. We prove the correctness of the system with valid participants by formally verifying a C implementation of the system in Coq, using the Verified Software Toolchain extended with an atomic exchange operation. The result is the first C-level mechanized verification of a nonblocking communication protocol.

References

  1. Andrew W. Appel, Robert Dockins, Aquinas Hobor, Lennart Beringer, Josiah Dodds, Gordon Stewart, Sandrine Blazy, and Xavier Leroy. 2014. Program Logics for Certified Compilers. Cambridge University Press, New York, NY, USA. Google ScholarGoogle ScholarCross RefCross Ref
  2. Stefan Blom, Marieke Huisman, and Marina Zaharieva-Stojanovski. 2015. History-Based Verification of Functional Behaviour of Concurrent Programs. In Proceedings of the 13th International Conference on Software Engineering and Formal Methods (SEFM 2015) (Lecture Notes in Computer Science), Radu Calinescu and Bernhard Rumpe (Eds.), Vol. 9276. Springer, 84–98. Google ScholarGoogle ScholarCross RefCross Ref
  3. Darren Cofer and Michael Whalen. 2013. Secure Mathematically-Assured Composition of Control Models (SMACCM). (2013). https://wiki.sei.cmu.edu/aadl/images/f/f6/SMACCM- TA4- whalen- 42013.pdfGoogle ScholarGoogle Scholar
  4. P. J. Courtois, F. Heymans, and D. L. Parnas. 1971. Concurrent Control with “Readers” and “Writers”. Commun. ACM 14, 10 (Oct. 1971), 667–668. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Marko Doko and Viktor Vafeiadis. 2017. Tackling Real-Life Relaxed Concurrency with FSL++. In Proceedings of the 26th European Symposium on Programming (ESOP 2017) (Lecture Notes in Computer Science), Hongseok Yang (Ed.), Vol. 10201. 448–475. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Aquinas Hobor, Andrew W. Appel, and Francesco Zappa Nardelli. 2008. Oracle Semantics for Concurrent Separation Logic. In Proceedings of the 17th European Symposium on Programming (ESOP 2008) (Lecture Notes in Computer Science), Sophia Drossopoulou (Ed.), Vol. 4960. Springer, 353–367. Google ScholarGoogle ScholarCross RefCross Ref
  7. Gerard J. Holzmann. 1990. Design and Validation of Protocols. Tutorial Computer Networks and ISDN Systems 25 (1990), 981–1017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Bart Jacobs and Frank Piessens. 2011. Expressive Modular Fine-grained Concurrency Specification. In Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’11). ACM, New York, NY, USA, 271–282. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order Ghost State. In Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming (ICFP 2016). ACM, New York, NY, USA, 256–269. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2009. seL4: Formal Verification of an OS Kernel. In Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles (SOSP ’09). ACM, New York, NY, USA, 207–220. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Xavier Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM 52, 7 (2009), 107–115. http://gallium.inria.fr/ ~xleroy/publi/compcert- CACM.pdf Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Paul E. McKenney. 2007. Using Promela and Spin to verify parallel algorithms. (1 August 2007). Available: http://lwn.net/ Articles/243851/ .Google ScholarGoogle Scholar
  13. Paul E. McKenney and John D. Slingwine. 1998. Read-Copy Update: Using Execution History to Solve Concurrency Problems. In Parallel and Distributed Computing and Systems. Las Vegas, NV, 509–518.Google ScholarGoogle Scholar
  14. Peter W. OHearn. 2007. Resources, Concurrency, and Local Reasoning. Theor. Comput. Sci. 375, 1-3 (April 2007), 271–307. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Susan Owicki and David Gries. 1976. An axiomatic proof technique for parallel programs I. Acta Informatica 6, 4 (1976), 319–340. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Matthew Parkinson, Richard Bornat, and Peter O’Hearn. 2007. Modular Verification of a Non-blocking Stack. In Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’07). ACM, New York, NY, USA, 297–302. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Morgan Quigley, Ken Conley, Brian P. Gerkey, Josh Faust, Tully Foote, Jeremy Leibs, Rob Wheeler, and Andrew Y. Ng. 2009. ROS: an open-source Robot Operating System. In ICRA Workshop on Open Source Software.Google ScholarGoogle Scholar
  18. Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2015. Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity. In Proceedings of the 24th European Symposium on Programming (ESOP 2015) (Lecture Notes in Computer Science), Jan Vitek (Ed.), Vol. 9032. Springer, 333–358. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Joseph Tassarotti, Derek Dreyer, and Viktor Vafeiadis. 2015. Verifying Read-copy-update in a Logic for Weak Memory. (2015), 110–120. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Viktor Vafeiadis and Chinmay Narayan. 2013. Relaxed separation logic: a program logic for C11 concurrency. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA 2013), Antony L. Hosking, Patrick Th. Eugster, and Cristina V. Lopes (Eds.). ACM, 867–884. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. A verified messaging system

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!