skip to main content

Cosmo: a concurrent separation logic for multicore OCaml

Published:03 August 2020Publication History
Skip Abstract Section

Abstract

Multicore OCaml extends OCaml with support for shared-memory concurrency. It is equipped with a weak memory model, for which an operational semantics has been published. This begs the question: what reasoning rules can one rely upon while writing or verifying Multicore OCaml code? To answer it, we instantiate Iris, a modern descendant of Concurrent Separation Logic, for Multicore OCaml. This yields a low-level program logic whose reasoning rules expose the details of the memory model. On top of it, we build a higher-level logic, Cosmo, which trades off some expressive power in return for a simple set of reasoning rules that allow accessing nonatomic locations in a data-race-free manner, exploiting the sequentially-consistent behavior of atomic locations, and exploiting the release/acquire behavior of atomic locations. Cosmo allows both low-level reasoning, where the details of the Multicore OCaml memory model are apparent, and high-level reasoning, which is independent of this memory model. We illustrate this claim via a number of case studies: we verify several implementations of locks with respect to a classic, memory-model-independent specification. Thus, a coarse-grained application that uses locks as the sole means of synchronization can be verified in the Concurrent-Separation-Logic fragment of Cosmo, without any knowledge of the weak memory model.

Skip Supplemental Material Section

Supplemental Material

Presentation at ICFP '20

References

  1. Mark Batty, Scott Owens, Susmit Sarkar, Peter Sewell, and Tjark Weber. 2011. Mathematizing C+ + concurrency. In Principles of Programming Languages (POPL). 55-66. https://www.cl.cam.ac.uk/~pes20/cpp/popl085ap-sewell.pdfGoogle ScholarGoogle Scholar
  2. John Bender and Jens Palsberg. 2019. A formalization of Java's concurrent access modes. Proceedings of the ACM on Programming Languages 3, OOPSLA ( 2019 ), 142 : 1-142 : 28. https://johnbender.us/assets/oopsla-2019.pdfGoogle ScholarGoogle ScholarDigital LibraryDigital Library
  3. Lars Birkedal and Aleš Bizjak. 2018. Lecture Notes on Iris: Higher-Order Concurrent Separation Logic. (Dec. 2018 ). https://iris-project. org/tutorial-pdfs/iris-lecture-notes.pdf Lectures notes.Google ScholarGoogle Scholar
  4. Richard Bornat, Cristiano Calcagno, Peter O'Hearn, and Matthew Parkinson. 2005. Permission accounting in separation logic. In Principles of Programming Languages (POPL). 259-270. http://www.cs.ucl.ac.uk/staf/p.ohearn/papers/permissions_paper.pdfGoogle ScholarGoogle Scholar
  5. John Boyland. 2003. Checking Interference with Fractional Permissions. In Static Analysis Symposium (SAS) (Lecture Notes in Computer Science, Vol. 2694 ). Springer, 55-72. http://www.cs.uwm.edu/~boyland/papers/permissions.pdfGoogle ScholarGoogle Scholar
  6. Alexandre Buisse, Lars Birkedal, and Kristian Støvring. 2011. A Step-Indexed Kripke Model of Separation Logic for Storable Locks. Electronic Notes in Theoretical Computer Science 276 ( Sept. 2011 ), 121-143. https://cs.au.dk/~birke/papers/locks.pdfGoogle ScholarGoogle Scholar
  7. Hoang-Hai Dang, Jacques-Henri Jourdan, Jan-Oliver Kaiser, and Derek Dreyer. 2020. RustBelt meets relaxed memory. Proceedings of the ACM on Programming Languages 4, POPL ( 2020 ), 34 : 1-34 : 29. https://hal.inria.fr/hal-02351793/Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Marko Doko and Viktor Vafeiadis. 2016. A Program Logic for C11 Memory Fences. In Verification, Model Checking and Abstract Interpretation (VMCAI) (Lecture Notes in Computer Science, Vol. 9583 ). Springer, 413-430. https://plv.mpisws.org/fsl/base/paper.pdfGoogle ScholarGoogle Scholar
  9. Marko Doko and Viktor Vafeiadis. 2017. Tackling Real-Life Relaxed Concurrency with FSL++. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 10201 ). Springer, 448-475. https://plv.mpi-sws.org/fsl/ARC/ paper.pdfGoogle ScholarGoogle ScholarCross RefCross Ref
  10. Stephan Dolan, Anil Madhavapeddy, and KC Sivaramakrishnan. 2018a. The Multicore OCaml development wiki. https: //github.com/ocaml-multicore/ocaml-multicore/wikiGoogle ScholarGoogle Scholar
  11. Stephen Dolan, K. C. Sivaramakrishnan, and Anil Madhavapeddy. 2018b. Bounding data races in space and time. In Programming Language Design and Implementation (PLDI). 242-255. http://kcsrk.info/papers/pldi18-memory.pdfGoogle ScholarGoogle Scholar
  12. Alexey Gotsman, Josh Berdine, Byron Cook, Noam Rinetzky, and Mooly Sagiv. 2007. Local Reasoning for Storable Locks and Threads. In Asian Symposium on Programming Languages and Systems (APLAS) (Lecture Notes in Computer Science, Vol. 4807 ). Springer, 19-37. http://dx.doi.org/10.1007/978-3-540-76637-7_3 Google ScholarGoogle ScholarCross RefCross Ref
  13. Aquinas Hobor, Andrew W. Appel, and Francesco Zappa Nardelli. 2008. Oracle Semantics for Concurrent Separation Logic. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 4960 ). Springer, 353-367. http://www.cs.princeton.edu/~appel/papers/concurrent.pdfGoogle ScholarGoogle Scholar
  14. Ralf Jung. 2019. Logical Atomicity in Iris: the Good, the Bad, and the Ugly. Iris Workshop. https://people.mpi-sws.org/ ~jung/iris/logatom-talk-2019.pdfGoogle ScholarGoogle Scholar
  15. Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2018a. RustBelt: securing the foundations of the Rust programming language. Proceedings of the ACM on Programming Languages 2, POPL ( 2018 ), 66 : 1-66 : 34. https://people.mpi-sws.org/~dreyer/papers/rustbelt/paper.pdfGoogle ScholarGoogle ScholarDigital LibraryDigital Library
  16. Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018b. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming 28 ( 2018 ), e20. https://people.mpi-sws.org/~dreyer/papers/iris-ground-up/paper.pdfGoogle ScholarGoogle Scholar
  17. Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: monoids and invariants as an orthogonal basis for concurrent reasoning. In Principles of Programming Languages (POPL). 637-650. http://plv.mpi-sws.org/iris/paper.pdfGoogle ScholarGoogle Scholar
  18. Jan-Oliver Kaiser, Hoang-Hai Dang, Derek Dreyer, Ori Lahav, and Viktor Vafeiadis. 2017. Strong Logic for Weak Memory: Reasoning About Release-Acquire Consistency in Iris. In European Conference on Object-Oriented Programming (ECOOP). 17 : 1-17 : 29. https://people.mpi-sws.org/~dreyer/papers/iris-weak/paper.pdfGoogle ScholarGoogle Scholar
  19. Ori Lahav, Viktor Vafeiadis, Jeehoon Kang, Chung-Kil Hur, and Derek Dreyer. 2017. Repairing sequential consistency in C/C++11. In Programming Language Design and Implementation (PLDI ). 618-632. https://plv.mpi-sws.org/scfix/paper.pdfGoogle ScholarGoogle Scholar
  20. Leslie Lamport. 1979. How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs. IEEE Trans. Computers 28, 9 ( 1979 ), 690-691. https://www.microsoft.com/en-us/research/uploads/prod/2016/12/How-toMake-a-Multiprocessor-Computer-That-Correctly-Executes-Multiprocess-Programs.pdfGoogle ScholarGoogle Scholar
  21. Xavier Leroy, Damien Doligez, Alain Frisch, Jacques Garrigue, Didier Rémy, and Jérôme Vouillon. 2019. The OCaml system: documentation and user's manual. http://caml.inria.fr/pub/docs/manual-ocaml/Google ScholarGoogle Scholar
  22. Andreas Lochbihler. 2012. Java and the Java Memory Model-A Unified, Machine-Checked Formalisation. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 7211 ). Springer, 497-517. https://ethz.ch/content/ dam/ethz/special-interest/infk/inst-infsec/information-security-group-dam/people/andreloc/lochbihler12esop.pdfGoogle ScholarGoogle Scholar
  23. Jeremy Manson, William Pugh, and Sarita V. Adve. 2005. The Java memory model. In Principles of Programming Languages (POPL). 378-391. http://rsim.cs.uiuc.edu/Pubs/popl05.pdfGoogle ScholarGoogle Scholar
  24. Glen Mével, Jacques-Henri Jourdan, and François Pottier. 2020. Coq proofs for Cosmo. https://gitlab.inria.fr/gmevel/cosmo.Google ScholarGoogle Scholar
  25. Peter W. O'Hearn. 2007. Resources, Concurrency and Local Reasoning. Theoretical Computer Science 375, 1-3 (May 2007 ), 271-307. http://www.cs.ucl.ac.uk/staf/p.ohearn/papers/concurrency.pdfGoogle ScholarGoogle ScholarDigital LibraryDigital Library
  26. Peter W. O'Hearn. 2019. Separation logic. Commun. ACM 62, 2 ( 2019 ), 86-95. https://doi.org/10.1145/3211968 Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Matthew J. Parkinson, Richard Bornat, and Peter W. O'Hearn. 2007. Modular verification of a non-blocking stack. In Principles of Programming Languages (POPL). 297-302. https://doi.org/10.1145/1190216.1190261 Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Michel Raynal. 2013. Concurrent Programming: Algorithms, Principles, and Foundations. Springer. https://doi.org/10.1007/978-3-642-32027-9 Google ScholarGoogle ScholarCross RefCross Ref
  29. Filip Sieczkowski, Kasper Svendsen, Lars Birkedal, and Jean Pichon-Pharabod. 2015. A Separation Logic for Fictional Sequential Consistency. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 9032 ). Springer, 736-761. https://www.cl.cam.ac.uk/~jp622/ a_separation_logic_for_fictional_sequential_consistency.pdfGoogle ScholarGoogle ScholarCross RefCross Ref
  30. Aaron Turon. 2012. Reagents: expressing and composing fine-grained concurrency. In Programming Language Design and Implementation (PLDI). 157-168. https://aturon.github.io/academic/reagents.pdfGoogle ScholarGoogle Scholar
  31. Aaron Turon, Viktor Vafeiadis, and Derek Dreyer. 2014. GPS: navigating weak memory with ghosts, protocols, and separation. In Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA). 691-707. http://plv.mpisws.org/gps/paper.pdfGoogle ScholarGoogle Scholar
  32. Viktor Vafeiadis. 2017. Program Verification Under Weak Memory Consistency Using Separation Logic. In Computer Aided Verification (CAV) (Lecture Notes in Computer Science, Vol. 10426 ). Springer, 30-46. https://people.mpi-sws.org/~viktor/ papers/cav2017-invited.pdfGoogle ScholarGoogle ScholarCross RefCross Ref
  33. Viktor Vafeiadis and Chinmay Narayan. 2013. Relaxed separation logic: a program logic for C11 concurrency. In ObjectOriented Programming, Systems, Languages, and Applications (OOPSLA). 867-884. https://people.mpi-sws.org/~viktor/ papers/oopsla2013-rsl.pdfGoogle ScholarGoogle Scholar
  34. Andrew K. Wright and Matthias Felleisen. 1994. A Syntactic Approach to Type Soundness. Information and Computation 115, 1 (Nov. 1994 ), 38-94. http://www.cs.rice.edu/CS/PLT/Publications/Scheme/ic94-wf.ps.gzGoogle ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Cosmo: a concurrent separation logic for multicore OCaml

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!