Abstract
We present a concurrent-read exclusive-write buffer system with strong correctness and security properties. Our motivating application for this system is the distribution of sensor values in a multicomponent vehicle-control system, where some components are unverified and possibly malicious, and other components are vehicle-control-critical and must be verified. Valid participants are guaranteed correct communication (i.e., the writer is always able to write to an unused buffer, and readers always read the most recently published value), while invalid readers or writers cannot compromise the correctness or liveness of valid participants. There is only one writer, all operations are wait-free, and there is no extra process or thread mediating communication. We prove the correctness of the system with valid participants by formally verifying a C implementation of the system in Coq, using the Verified Software Toolchain extended with an atomic exchange operation. The result is the first C-level mechanized verification of a nonblocking communication protocol.
- Andrew W. Appel, Robert Dockins, Aquinas Hobor, Lennart Beringer, Josiah Dodds, Gordon Stewart, Sandrine Blazy, and Xavier Leroy. 2014. Program Logics for Certified Compilers. Cambridge University Press, New York, NY, USA. Google Scholar
Cross Ref
- Stefan Blom, Marieke Huisman, and Marina Zaharieva-Stojanovski. 2015. History-Based Verification of Functional Behaviour of Concurrent Programs. In Proceedings of the 13th International Conference on Software Engineering and Formal Methods (SEFM 2015) (Lecture Notes in Computer Science), Radu Calinescu and Bernhard Rumpe (Eds.), Vol. 9276. Springer, 84–98. Google Scholar
Cross Ref
- Darren Cofer and Michael Whalen. 2013. Secure Mathematically-Assured Composition of Control Models (SMACCM). (2013). https://wiki.sei.cmu.edu/aadl/images/f/f6/SMACCM- TA4- whalen- 42013.pdfGoogle Scholar
- P. J. Courtois, F. Heymans, and D. L. Parnas. 1971. Concurrent Control with “Readers” and “Writers”. Commun. ACM 14, 10 (Oct. 1971), 667–668. Google Scholar
Digital Library
- Marko Doko and Viktor Vafeiadis. 2017. Tackling Real-Life Relaxed Concurrency with FSL++. In Proceedings of the 26th European Symposium on Programming (ESOP 2017) (Lecture Notes in Computer Science), Hongseok Yang (Ed.), Vol. 10201. 448–475. Google Scholar
Digital Library
- Aquinas Hobor, Andrew W. Appel, and Francesco Zappa Nardelli. 2008. Oracle Semantics for Concurrent Separation Logic. In Proceedings of the 17th European Symposium on Programming (ESOP 2008) (Lecture Notes in Computer Science), Sophia Drossopoulou (Ed.), Vol. 4960. Springer, 353–367. Google Scholar
Cross Ref
- Gerard J. Holzmann. 1990. Design and Validation of Protocols. Tutorial Computer Networks and ISDN Systems 25 (1990), 981–1017. Google Scholar
Digital Library
- Bart Jacobs and Frank Piessens. 2011. Expressive Modular Fine-grained Concurrency Specification. In Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’11). ACM, New York, NY, USA, 271–282. Google Scholar
Digital Library
- Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order Ghost State. In Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming (ICFP 2016). ACM, New York, NY, USA, 256–269. Google Scholar
Digital Library
- Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2009. seL4: Formal Verification of an OS Kernel. In Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles (SOSP ’09). ACM, New York, NY, USA, 207–220. Google Scholar
Digital Library
- Xavier Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM 52, 7 (2009), 107–115. http://gallium.inria.fr/ ~xleroy/publi/compcert- CACM.pdf Google Scholar
Digital Library
- Paul E. McKenney. 2007. Using Promela and Spin to verify parallel algorithms. (1 August 2007). Available: http://lwn.net/ Articles/243851/ .Google Scholar
- Paul E. McKenney and John D. Slingwine. 1998. Read-Copy Update: Using Execution History to Solve Concurrency Problems. In Parallel and Distributed Computing and Systems. Las Vegas, NV, 509–518.Google Scholar
- Peter W. OHearn. 2007. Resources, Concurrency, and Local Reasoning. Theor. Comput. Sci. 375, 1-3 (April 2007), 271–307. Google Scholar
Digital Library
- Susan Owicki and David Gries. 1976. An axiomatic proof technique for parallel programs I. Acta Informatica 6, 4 (1976), 319–340. Google Scholar
Digital Library
- Matthew Parkinson, Richard Bornat, and Peter O’Hearn. 2007. Modular Verification of a Non-blocking Stack. In Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’07). ACM, New York, NY, USA, 297–302. Google Scholar
Digital Library
- Morgan Quigley, Ken Conley, Brian P. Gerkey, Josh Faust, Tully Foote, Jeremy Leibs, Rob Wheeler, and Andrew Y. Ng. 2009. ROS: an open-source Robot Operating System. In ICRA Workshop on Open Source Software.Google Scholar
- Ilya Sergey, Aleksandar Nanevski, and Anindya Banerjee. 2015. Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity. In Proceedings of the 24th European Symposium on Programming (ESOP 2015) (Lecture Notes in Computer Science), Jan Vitek (Ed.), Vol. 9032. Springer, 333–358. Google Scholar
Digital Library
- Joseph Tassarotti, Derek Dreyer, and Viktor Vafeiadis. 2015. Verifying Read-copy-update in a Logic for Weak Memory. (2015), 110–120. Google Scholar
Digital Library
- Viktor Vafeiadis and Chinmay Narayan. 2013. Relaxed separation logic: a program logic for C11 concurrency. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA 2013), Antony L. Hosking, Patrick Th. Eugster, and Cristina V. Lopes (Eds.). ACM, 867–884. Google Scholar
Digital Library
Index Terms
A verified messaging system
Recommendations
Formal Reasoning about Concurrent Assembly Code with Reentrant Locks
TASE '09: Proceedings of the 2009 Third IEEE International Symposium on Theoretical Aspects of Software EngineeringThis paper focuses on the problem of reasoning about concurrent assembly code with reentrant locks. Our verification technique is based on concurrent separation logic (CSL). In CSL, locks are treated as non-reentrant locks and each lock is associated ...
A separation logic for refining concurrent objects
POPL '11Fine-grained concurrent data structures are crucial for gaining performance from multiprocessing, but their design is a subtle art. Recent literature has made large strides in verifying these data structures, using either atomicity refinement or ...
Proving correctness of highly-concurrent linearisable objects
PPoPP '06: Proceedings of the eleventh ACM SIGPLAN symposium on Principles and practice of parallel programmingWe study a family of implementations for linked lists using fine-grain synchronisation. This approach enables greater concurrency, but correctness is a greater challenge than for classical, coarse-grain synchronisation. Our examples are demonstrative of ...






Comments