Abstract
We study the problem of verifying the robustness of concurrent programs against a C11-style memory model that includes relaxed accesses and release/acquire accesses and fences, and show that this verification problem can be reduced to a standard reachability problem under sequential consistency. We further observe that existing robustness notions do not allow the verification of programs that use speculative reads as in the sequence lock mechanism, and introduce a novel "observational robustness" property that fills this gap. In turn, we show how to soundly check for observational robustness. We have implemented our method and applied it to several challenging concurrent algorithms, demonstrating the applicability of our approach. To the best of our knowledge, this is the first method for verifying robustness against a programming language concurrency model that includes relaxed accesses and release/acquire fences.
- Parosh Aziz Abdulla, Jatin Arora, Mohamed Faouzi Atig, and Shankaranarayanan Krishna. 2019. Verification of programs under the release-acquire semantics. In PLDI. ACM, New York, NY, USA, 1117-1132. https://doi.org/10.1145/3314221. 3314649 Google Scholar
Digital Library
- Parosh Aziz Abdulla, Mohamed Faouzi Atig, Magnus Lång, and Tuan Phong Ngo. 2015b. Precise and sound automatic fence insertion procedure under PSO. In NETYS. Springer International Publishing, Cham, 32-47.Google Scholar
- Parosh Aziz Abdulla, Mohamed Faouzi Atig, and Tuan-Phong Ngo. 2015a. The best of both worlds: Trading eficiency and optimality in fence insertion for TSO. In ESOP. Springer-Verlag New York, Inc., New York, 308-332. https://doi.org/10. 1007/978-3-662-46669-8_13 Google Scholar
Digital Library
- Sarita V. Adve and Mark D. Hill. 1990. Weak ordering-a new definition. In ISCA. ACM, New York, 2-14. https://doi.org/10. 1145/325164.325100 Google Scholar
Digital Library
- Jade Alglave, Daniel Kroening, Vincent Nimal, and Daniel Poetzl. 2017. Don't sit on the fence: a static analysis approach to automatic fence insertion. ACM Trans. Program. Lang. Syst. 39, 2, Article 6 (May 2017 ), 38 pages. https://doi.org/10.1145/ 2994593 Google Scholar
Digital Library
- Jade Alglave and Luc Maranget. 2011. Stability in weak memory models. In CAV. Springer-Verlag, Berlin, Heidelberg, 50-66. http://dl.acm.org/citation.cfm?id= 2032305. 2032311Google Scholar
Digital Library
- Jade Alglave, Luc Maranget, and Michael Tautschnig. 2014. Herding cats: modelling, simulation, testing, and data mining for weak memory. ACM Trans. Program. Lang. Syst. 36, 2, Article 7 ( July 2014 ), 74 pages. https://doi.org/10.1145/2627752 Google Scholar
Digital Library
- Mohamed Faouzi Atig, Ahmed Bouajjani, Sebastian Burckhardt, and Madanlal Musuvathi. 2010. On the verification problem for weak memory models. In POPL. ACM, New York, 7-18. https://doi.org/10.1145/1706299.1706303 Google Scholar
Digital Library
- Mohamed Faouzi Atig, Ahmed Bouajjani, Sebastian Burckhardt, and Madanlal Musuvathi. 2012. What's decidable about weak memory models?. In ESOP. Springer-Verlag, Berlin, Heidelberg, 26-46. https://doi.org/10.1007/978-3-642-28869-2_2 Google Scholar
Digital Library
- Helge Bahmann and Tim Blechmann. 2012. Atomic usage examples. Retrieved june 08, 2020 from https://www.boost.org/ doc/libs/1_55_0/doc/html/atomic/usage_examples.htmlGoogle Scholar
- Mark Batty, Scott Owens, Susmit Sarkar, Peter Sewell, and Tjark Weber. 2011. Mathematizing C+ + concurrency. In POPL. ACM, New York, 55-66. https://doi.org/10.1145/1925844.1926394 Google Scholar
Digital Library
- Sidi Mohamed Beillahi, Ahmed Bouajjani, and Constantin Enea. 2019a. Checking robustness against snapshot isolation. In Computer Aided Verification. Springer International Publishing, Cham, 286-304.Google Scholar
- Sidi Mohamed Beillahi, Ahmed Bouajjani, and Constantin Enea. 2019b. Robustness against transactional causal consistency. In CONCUR 2019, Vol. 140. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 30 : 1-30 : 18. https: //doi.org/10.4230/LIPIcs.CONCUR. 2019.30 Google Scholar
Cross Ref
- Giovanni Bernardi and Alexey Gotsman. 2016. Robustness against consistency models with atomic visibility. In CONCUR. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 7 : 1-7 : 15. https://doi.org/10.4230/LIPIcs. CONCUR. 2016.7 Google Scholar
Cross Ref
- Hans-J. Boehm. 2012. Can Seqlocks get along with programming language memory models?. In MSPC. ACM, New York, 12-20. https://doi.org/10.1145/2247684.2247688 Google Scholar
Digital Library
- Hans-J. Boehm and Brian Demsky. 2014. Outlawing ghosts: avoiding out-of-thin-air results. In MSPC. ACM, New York, NY, USA, Article 7, 6 pages. https://doi.org/10.1145/2618128.2618134 Google Scholar
Digital Library
- Hans-J Boehm, Olivier Giroux, and Viktor Vafeiades. 2018. P0982R1: Weaken release sequences. http://www.openstd.org/jtc1/sc22/wg21/docs/papers/2018/p0982r1.html. Accessed: 2020-05-27.Google Scholar
- Ahmed Bouajjani, Egor Derevenetc, and Roland Meyer. 2013. Checking and enforcing robustness against TSO. In ESOP. Springer-Verlag, Berlin, Heidelberg, 533-553. https://doi.org/10.1007/978-3-642-37036-6_29 Google Scholar
Digital Library
- Ahmed Bouajjani, Constantin Enea, Suha Orhun Mutluergil, and Serdar Tasiran. 2018. Reasoning about TSO programs using reduction and abstraction. In CAV. Springer, Cham, 336-353.Google Scholar
- Ahmed Bouajjani, Roland Meyer, and Eike Möhlmann. 2011. Deciding robustness against total store ordering. In ICALP. Springer, Berlin, Heidelberg, 428-440.Google Scholar
Digital Library
- Lucas Brutschy, Dimitar Dimitrov, Peter Müller, and Martin Vechev. 2018. Static serializability analysis for causal consistency. In PLDI. ACM, New York, 90-104. https://doi.org/10.1145/3192366.3192415 Google Scholar
Digital Library
- Sebastian Burckhardt, Rajeev Alur, and Milo M. K. Martin. 2007. CheckFence: checking consistency of concurrent data types on relaxed memory models. In PLDI. ACM, New York, 12-21. https://doi.org/10.1145/1250734.1250737 Google Scholar
Digital Library
- Sebastian Burckhardt and Madanlal Musuvathi. 2008. Efective program verification for relaxed memory models. In CAV. Springer-Verlag, Berlin, Heidelberg, 107-120. https://doi.org/10.1007/978-3-540-70545-1_12 Google Scholar
Digital Library
- Jabob Burnim, Koushik Sen, and Christos Stergiou. 2011. Sound and complete monitoring of sequential consistency for relaxed memory models. In TACAS. Springer, Berlin, Heidelberg, 11-25.Google Scholar
- David Chase and Yossi Lev. 2005. Dynamic circular work-stealing deque. In SPAA. ACM, New York, NY, USA, 21-28. https://doi.org/10.1145/1073970.1073974 Google Scholar
Digital Library
- Sadegh Dalvandi, Simon Doherty, Brijesh Dongol, and Heike Wehrheim. 2020. Owicki-Gries Reasoning for C11 RAR. In ECOOP, Vol. 166. Schloss Dagstuhl-Leibniz-Zentrum für Informatik, Dagstuhl, Germany, 11 : 1-11 : 26. https://doi.org/10. 4230/LIPIcs.ECOOP. 2020.11 Google Scholar
Cross Ref
- Hoang-Hai Dang, Jacques-Henri Jourdan, Jan-Oliver Kaiser, and Derek Dreyer. 2019. RustBelt meets relaxed memory. Proc. ACM Program. Lang. 4, POPL, Article 34 ( Dec. 2019 ), 29 pages. https://doi.org/10.1145/3371102 Google Scholar
Digital Library
- Egor Derevenetc. 2015. Robustness against relaxed memory models. Ph.D. Dissertation. University of Kaiserslautern. http://kluedo.ub.uni-kl.de/frontdoor/index/index/docId/4074Google Scholar
- Egor Derevenetc and Roland Meyer. 2014. Robustness against Power is PSpace-complete. In ICALP. Springer, Berlin, Heidelberg, 158-170.Google Scholar
- Simon Doherty, Brijesh Dongol, Heike Wehrheim, and John Derrick. 2019. Verifying C11 programs operationally. In PPoPP. ACM, New York, 355-365. https://doi.org/10.1145/3293883.3295702 Google Scholar
Digital Library
- Marko Doko and Viktor Vafeiadis. 2017. Tackling real-life relaxed concurrency with FSL++. In ESOP. Springer Berlin Heidelberg, Berlin, Heidelberg, 448-475.Google Scholar
- Alan Fekete, Dimitrios Liarokapis, Elizabeth O'Neil, Patrick O'Neil, and Dennis Shasha. 2005. Making snapshot isolation serializable. ACM Trans. Database Syst. 30, 2 ( June 2005 ), 492-528. https://doi.org/10.1145/1071610.1071615 Google Scholar
Digital Library
- Shaked Flur, Kathryn E. Gray, Christopher Pulte, Susmit Sarkar, Ali Sezgin, Luc Maranget, Will Deacon, and Peter Sewell. 2016. Modelling the ARMv8 architecture, operationally: concurrency and ISA. In POPL. ACM, New York, 608-621. https://doi.org/10.1145/2837614.2837615 Google Scholar
Digital Library
- Kourosh Gharachorloo, Sarita V. Adve, Anoop Gupta, John L. Hennessy, and Mark D. Hill. 1992. Programming for diferent memory consistency models. J. Parallel and Distrib. Comput. 15, 4 ( 1992 ), 399-407. https://doi.org/10.1016/ 0743-7315 ( 92 ) 90052-O Google Scholar
Cross Ref
- Alexey Gotsman, Madanlal Musuvathi, and Hongseok Yang. 2012. Show no weakness: sequentially consistent specifications of TSO libraries. In DISC. Springer-Verlag, Berlin, Heidelberg, 31-45. https://doi.org/10.1007/978-3-642-33651-5_3 Google Scholar
Digital Library
- Gerard J. Holzmann. 1997. The model checker SPIN. IEEE Transactions on software engineering 23, 5 ( 1997 ), 279-295.Google Scholar
Digital Library
- Jeehoon Kang. 2018. Deque proof. Retrieved June 11, 2020 from https://github.com/jeehoonkang/crossbeam-rfcs/blob/dequeproof/text/2018-01-07-deque-proof.mdGoogle Scholar
- Michalis Kokologiannakis, Ori Lahav, Konstantinos Sagonas, and Viktor Vafeiadis. 2017. Efective stateless model checking for C/C++ concurrency. Proc. ACM Program. Lang. 2, POPL, Article 17 ( Dec. 2017 ), 32 pages. https://doi.org/10.1145/3158105 Google Scholar
Digital Library
- Dexter Kozen. 1977. Lower bounds for natural proof systems. In SFCS. IEEE Computer Society, Washington, 254-266. https://doi.org/10.1109/SFCS. 1977.16 Google Scholar
Digital Library
- Ori Lahav and Roy Margalit. 2019. Robustness against release/acquire semantics. In PLDI. ACM, New York, NY, USA, 126-141. https://doi.org/10.1145/3314221.3314604 Google Scholar
Digital Library
- Ori Lahav, Viktor Vafeiadis, Jeehoon Kang, Chung-Kil Hur, and Derek Dreyer. 2017. Repairing sequential consistency in C/C++11. In PLDI. ACM, New York, 618-632. https://doi.org/10.1145/3062341.3062352 Google Scholar
Digital Library
- Alexander Linden and Pierre Wolper. 2011. A verification-based approach to memory fence insertion in relaxed memory systems. In SPIN. Springer-Verlag, Berlin, Heidelberg, 144-160. http://dl.acm.org/citation.cfm?id= 2032692. 2032707Google Scholar
Digital Library
- Alexander Linden and Pierre Wolper. 2013. A verification-based approach to memory fence insertion in PSO memory systems. In TACAS. Springer-Verlag, Berlin, Heidelberg, 339-353. https://doi.org/10.1007/978-3-642-36742-7_24 Google Scholar
Digital Library
- Feng Liu, Nayden Nedev, Nedyalko Prisadnikov, Martin Vechev, and Eran Yahav. 2012. Dynamic synthesis for relaxed memory models. In PLDI. ACM, New York, 429-440. https://doi.org/10.1145/2254064.2254115 Google Scholar
Digital Library
- Roy Margalit and Ori Lahav. 2020. Verifying observational robustness against a C11-style memory model. https: //www.cs.tau.ac.il/~orilahav/papers/popl21_robustness_full.pdf (full version of this paper).Google Scholar
- Kartik Nagar and Suresh Jagannathan. 2018. Automated detection of serializability violations under weak consistency. In CONCUR, Vol. 118. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 41 : 1-41 : 18. https: //doi.org/10.4230/LIPIcs.CONCUR. 2018.41 Google Scholar
Cross Ref
- Scott Owens. 2010. Reasoning about the implementation of concurrency abstractions on x86-TSO. In ECOOP. Springer-Verlag, Berlin, Heidelberg, 478-503.Google Scholar
Digital Library
- Anton Podkopaev, Ori Lahav, and Viktor Vafeiadis. 2019. Bridging the Gap Between Programming Languages and Hardware Weak Memory Models. PACMPL 3, POPL, Article 69 ( Jan. 2019 ), 31 pages. https://doi.org/10.1145/3290382 Google Scholar
Digital Library
- Rust. 2020. std::sync::Arc. Retrieved June 11, 2020 from https://doc.rust-lang.org/src/alloc/sync.rs.html# 213-216Google Scholar
- Matthew D. Sinclair, Johnathan Alsop, and Sarita V. Adve. 2017. Chasing away RAts: semantics and evaluation for relaxed atomics on heterogeneous systems. In ISCA. ACM, New York, NY, USA, 161-174. https://doi.org/10.1145/3079856.3080206 Google Scholar
Digital Library
- Viktor Vafeiadis and Chinmay Narayan. 2013. Relaxed separation logic: A program logic for C11 concurrency. In OOPSLA. ACM, New York, 867-884. https://doi.org/10.1145/2509136.2509532 Google Scholar
Digital Library
- Dmitriy V' jukov. 2008. C+ + atomics and memory ordering. Retrieved June 23, 2020 from https://bartoszmilewski.com/ 2008 /12/01/c-atomics-and-memory-ordering/#comment-111Google Scholar
- Dmitriy V' jukov. 2013. Relacy race detector. Retrieved July 06, 2020 from http://www.1024cores.net/home/relacy-racedetectorGoogle Scholar
- Anthony Williams. 2008. Peterson's lock with C++0x atomics. Retrieved October 26, 2018 from https://www. justsoftwaresolutions.co.uk/threading/petersons_lock_with_C+ +0x_atomics.htmlGoogle Scholar
- Anthony Williams. 2010. Implementing Dekker's algorithm with fences. Retrieved June 08, 2020 from https://www. justsoftwaresolutions.co.uk/threading/implementing_dekkers_algorithm_with_fences.htmlGoogle Scholar
Index Terms
Verifying observational robustness against a c11-style memory model
Recommendations
Robustness against release/acquire semantics
PLDI 2019: Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and ImplementationWe present an algorithm for automatically checking robustness of concurrent programs against C/C++11 release/acquire semantics, namely verifying that all program behaviors under release/acquire are allowed by sequential consistency. Our approach reduces ...
Verifying read-copy-update in a logic for weak memory
PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and ImplementationRead-Copy-Update (RCU) is a technique for letting multiple readers safely access a data structure while a writer concurrently modifies it. It is used heavily in the Linux kernel in situations where fast reads are important and writes are infrequent. ...
Verifying read-copy-update in a logic for weak memory
PLDI '15Read-Copy-Update (RCU) is a technique for letting multiple readers safely access a data structure while a writer concurrently modifies it. It is used heavily in the Linux kernel in situations where fast reads are important and writes are infrequent. ...






Comments