Abstract
We use Cosmo, a modern concurrent separation logic, to formally specify and verify an implementation of a multiple-producer multiple-consumer concurrent queue in the setting of the Multicore OCaml weak memory model. We view this result as a demonstration and experimental verification of the manner in which Cosmo allows modular and formal reasoning about advanced concurrent data structures. In particular, we show how the joint use of logically atomic triples and of Cosmo's views makes it possible to describe precisely in the specification the interaction between the queue library and the weak memory model.
Supplemental Material
- Mark Batty, Scott Owens, Susmit Sarkar, Peter Sewell, and Tjark Weber. 2011. Mathematizing C++ concurrency. In Principles of Programming Languages (POPL). 55–66. https://doi.org/10.1145/1926385.1926394 Google Scholar
Digital Library
- John Bender and Jens Palsberg. 2019. A formalization of Java’s concurrent access modes. Proceedings of the ACM on Programming Languages, 3, OOPSLA (2019), 142:1–142:28. https://doi.org/10.1145/3360568 Google Scholar
Digital Library
- Lars Birkedal, Thomas Dinsdale-Young, Armaël Guéneau, Guilhem Jaber, Kasper Svendsen, and Nikos Tzevelekos. 2021. Theorems for Free from Separation Logic Specifications. PACM on Programming Languages, 5, ICFP (2021), https://doi.org/10.1145/3473586Google Scholar
- Stephen Brookes and Peter W. O’Hearn. 2016. Concurrent separation logic. SIGLOG News, 3, 3 (2016), 47–65. https://doi.org/10.1145/2984450.2984457 Google Scholar
Digital Library
- Stephen D. Brookes. 2004. A Semantics for Concurrent Separation Logic. In International Conference on Concurrency Theory (CONCUR) (Lecture Notes in Computer Science, Vol. 3170). Springer, 16–34. https://doi.org/10.1007/978-3-540-28644-8_2 Google Scholar
Cross Ref
- Pedro da Rocha Pinto, Thomas Dinsdale-Young, and Philippa Gardner. 2014. TaDA: A logic for time and data abstraction. In European Conference on Object-Oriented Programming. 207–231. https://doi.org/10.1007/978-3-662-44202-9_9 Google Scholar
Digital Library
- Hoang-Hai Dang, Jacques-Henri Jourdan, Jan-Oliver Kaiser, and Derek Dreyer. 2020. RustBelt meets relaxed memory. Proceedings of the ACM on Programming Languages, 4, POPL (2020), 34:1–34:29. https://doi.org/10.1145/3371102 Google Scholar
Digital Library
- Marko Doko and Viktor Vafeiadis. 2016. A Program Logic for C11 Memory Fences. In Verification, Model Checking and Abstract Interpretation (VMCAI) (Lecture Notes in Computer Science, Vol. 9583). Springer, 413–430. https://doi.org/10.1007/978-3-662-49122-5_20 Google Scholar
Digital Library
- Stephan Dolan, Anil Madhavapeddy, and KC Sivaramakrishnan. 2020. Multicore OCaml. https://github.com/ocaml-multicore/ocaml-multicore/wikiGoogle Scholar
- Stephen Dolan, K. C. Sivaramakrishnan, and Anil Madhavapeddy. 2018. Bounding data races in space and time. In Programming Language Design and Implementation (PLDI). 242–255. https://doi.org/10.1145/3192366.3192421 Google Scholar
Digital Library
- Brijesh Dongol and John Derrick. 2015. Verifying linearisability: A comparative survey. ACM Computing Surveys (CSUR), 48, 2 (2015), 1–43. https://doi.org/10.1145/2796550 Google Scholar
Digital Library
- Michael Emmi and Constantin Enea. 2019. Weak-consistency specification via visibility relaxation. Proceedings of the ACM on Programming Languages, 3, POPL (2019), 60:1–60:28. https://doi.org/10.1145/3290373 Google Scholar
Digital Library
- Keir Fraser. 2004. Practical lock-freedom. University of Cambridge, Computer Laboratory.Google Scholar
- Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2018. ReLoC: A mechanised relational logic for fine-grained concurrency. In Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science. 442–451. https://doi.org/10.1145/3209108.3209174 Google Scholar
Digital Library
- Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2020. ReLoC Reloaded: A Mechanized Relational Logic for Fine-Grained Concurrency and Logical Atomicity. arXiv preprint arXiv:2006.13635.Google Scholar
- Iris developers and contributors. 2021. Iris examples. https://gitlab.mpi-sws.org/iris/examplesGoogle Scholar
- Bart Jacobs and Frank Piessens. 2011. Expressive modular fine-grained concurrency specification. In Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages. 271–282. https://doi.org/10.1145/1926385.1926417 Google Scholar
Digital Library
- Ralf Jung. 2019. Logical Atomicity in Iris: the Good, the Bad, and the Ugly. Iris Workshop. https://people.mpi-sws.org/~jung/iris/talk-iris2019.pdfGoogle Scholar
- Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming, 28 (2018), e20. https://doi.org/10.1017/S0956796818000151 Google Scholar
Cross Ref
- Ralf Jung, Rodolphe Lepigre, Gaurav Parthasarathy, Marianna Rapoport, Amin Timany, Derek Dreyer, and Bart Jacobs. 2020. The Future is Ours: Prophecy Variables in Separation Logic. Proceedings of the ACM on Programming Languages, 4, POPL (2020), Jan., 45:1–45:32. https://doi.org/10.1145/3371113 Google Scholar
Digital Library
- Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: monoids and invariants as an orthogonal basis for concurrent reasoning. In Principles of Programming Languages (POPL). 637–650. https://doi.org/10.1145/2775051.2676980 Google Scholar
Digital Library
- Jan-Oliver Kaiser, Hoang-Hai Dang, Derek Dreyer, Ori Lahav, and Viktor Vafeiadis. 2017. Strong Logic for Weak Memory: Reasoning About Release-Acquire Consistency in Iris. In European Conference on Object-Oriented Programming (ECOOP). 17:1–17:29. https://doi.org/10.4230/LIPIcs.ECOOP.2017.17 Google Scholar
Cross Ref
- Siddharth Krishna, Michael Emmi, Constantin Enea, and Dejan Jovanovic. 2020. Verifying Visibility-Based Weak Consistency. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 12075). Springer, 280–307. https://doi.org/10.1007/978-3-030-44914-8_11 Google Scholar
Cross Ref
- Ori Lahav and Viktor Vafeiadis. 2015. Owicki-Gries reasoning for weak memory models. In International Colloquium on Automata, Languages, and Programming. 311–323. https://doi.org/10.1007/978-3-662-47666-6_25 Google Scholar
Digital Library
- Ori Lahav, Viktor Vafeiadis, Jeehoon Kang, Chung-Kil Hur, and Derek Dreyer. 2017. Repairing sequential consistency in C/C++11. In Programming Language Design and Implementation (PLDI). 618–632. https://doi.org/10.1145/3062341.3062352 Google Scholar
Digital Library
- Leslie Lamport. 1979. How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs. IEEE Trans. Computers, 28, 9 (1979), 690–691. https://doi.org/10.1109/TC.1979.1675439 Google Scholar
Digital Library
- Nhat Minh Lê, Adrien Guatto, Albert Cohen, and Antoniu Pop. 2013. Correct and efficient bounded FIFO queues. In 2013 25th International Symposium on Computer Architecture and High Performance Computing. 144–151. https://doi.org/10.1109/SBAC-PAD.2013.8 Google Scholar
Digital Library
- Nhat Minh Lê, Antoniu Pop, Albert Cohen, and Francesco Zappa Nardelli. 2013. Correct and efficient work-stealing for weak memory models. In Proceedings of the 18th ACM SIGPLAN symposium on Principles and practice of parallel programming. 69–80. https://doi.org/10.1145/2442516.2442524 Google Scholar
Digital Library
- Andreas Lochbihler. 2012. Java and the Java Memory Model – A Unified, Machine-Checked Formalisation. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 7211). Springer, 497–517. https://doi.org/10.1007/978-3-642-28869-2_25 Google Scholar
Digital Library
- Jeremy Manson, William Pugh, and Sarita V. Adve. 2005. The Java memory model. In Principles of Programming Languages (POPL). 378–391. https://doi.org/10.1145/1047659.1040336 Google Scholar
Digital Library
- Glen Mével, Jacques-Henri Jourdan, and François Pottier. 2020. Cosmo: A Concurrent Separation Logic for Multicore OCaml. Proceedings of the ACM on Programming Languages, 4, ICFP (2020), June, https://doi.org/10.1145/3408978 Google Scholar
Digital Library
- Glen Mével, Jacques-Henri Jourdan, and François Pottier. 2021. Coq proofs for Cosmo and examples. https://gitlab.inria.fr/gmevel/cosmoGoogle Scholar
- Peter W. O’Hearn. 2007. Resources, Concurrency and Local Reasoning. Theoretical Computer Science, 375, 1–3 (2007), May, 271–307. https://doi.org/10.1016/j.tcs.2006.12.035 Google Scholar
Digital Library
- Matthew J. Parkinson, Richard Bornat, and Peter W. O’Hearn. 2007. Modular verification of a non-blocking stack. In Principles of Programming Languages (POPL). 297–302. https://doi.org/10.1145/1190216.1190261 Google Scholar
Digital Library
- Azalea Raad, Marko Doko, Lovro Rozic, Ori Lahav, and Viktor Vafeiadis. 2019. On library correctness under weak memory consistency: specifying and verifying concurrent libraries under declarative consistency models. Proceedings of the ACM on Programming Languages, 3, POPL (2019), 68:1–68:31. https://doi.org/10.1145/3290381 Google Scholar
Digital Library
- John C. Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In Logic in Computer Science (LICS). 55–74. https://doi.org/10.1109/LICS.2002.1029817 Google Scholar
Cross Ref
- Erik Rigtorp. 2021. MPMCQueue. https://github.com/rigtorp/MPMCQueueGoogle Scholar
- Graeme Smith, Kirsten Winter, and Robert J Colvin. 2019. Linearizability on hardware weak memory models. Formal Aspects of Computing, 1–32. https://doi.org/10.1007/s00165-019-00499-8 Google Scholar
Digital Library
- Kasper Svendsen, Lars Birkedal, and Matthew J. Parkinson. 2013. Modular Reasoning about Separation of Concurrent Data Structures. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science, Vol. 7792). Springer, 169–188. https://doi.org/10.1007/978-3-642-37036-6_11 Google Scholar
Digital Library
- The Coq development team. 2020. The Coq Proof Assistant. http://coq.inria.fr/Google Scholar
- Amin Timany and Lars Birkedal. 2021. Reasoning about Monotonicity in Separation Logic. In Certified Programs and Proofs (CPP). 91–104. https://doi.org/10.1145/3437992.3439931 Google Scholar
Digital Library
- Aaron Turon, Viktor Vafeiadis, and Derek Dreyer. 2014. GPS: navigating weak memory with ghosts, protocols, and separation. In Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA). 691–707. https://doi.org/10.1145/2714064.2660243 Google Scholar
Digital Library
- Viktor Vafeiadis and Chinmay Narayan. 2013. Relaxed separation logic: a program logic for C11 concurrency. In Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA). 867–884. https://doi.org/10.1145/2544173.2509532 Google Scholar
Digital Library
- Simon Friis Vindum and Lars Birkedal. 2021. Contextual refinement of the Michael-Scott queue. In Certified Programs and Proofs (CPP). 76–90. https://doi.org/10.1145/3437992.3439930 Google Scholar
Digital Library
- Simon Friis Vindum, Dan Frumin, and Lars Birkedal. 2021. Mechanized Verification of a Fine-Grained Concurrent Queue from Facebook’s Folly Library. March, https://cs.au.dk/~birke/papers/mpmc-queue.pdf Submitted for publication.Google Scholar
- Yannick Zakowski, David Cachera, Delphine Demange, and David Pichardie. 2018. Verified compilation of linearizable data structures: mechanizing rely guarantee for semantic refinement. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing. 1881–1890. https://doi.org/10.1145/3167132.3167333 Google Scholar
Digital Library
Index Terms
Formal verification of a concurrent bounded queue in a weak memory model
Recommendations
Cosmo: a concurrent separation logic for multicore OCaml
Multicore OCaml extends OCaml with support for shared-memory concurrency. It is equipped with a weak memory model, for which an operational semantics has been published. This begs the question: what reasoning rules can one rely upon while writing or ...
Verifying read-copy-update in a logic for weak memory
PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and ImplementationRead-Copy-Update (RCU) is a technique for letting multiple readers safely access a data structure while a writer concurrently modifies it. It is used heavily in the Linux kernel in situations where fast reads are important and writes are infrequent. ...
Verifying read-copy-update in a logic for weak memory
PLDI '15Read-Copy-Update (RCU) is a technique for letting multiple readers safely access a data structure while a writer concurrently modifies it. It is used heavily in the Linux kernel in situations where fast reads are important and writes are infrequent. ...






Comments