Abstract
Today’s compilers employ a variety of non-trivial optimizations to achieve good performance. One key trick compilers use to justify transformations of concurrent programs is to assume that the source program has no data races: if it does, they cause the program to have undefined behavior (UB) and give the compiler free rein. However, verifying correctness of optimizations that exploit this assumption is a non-trivial problem. In particular, prior work either has not proven that such optimizations preserve program termination (particularly non-obvious when considering optimizations that move instructions out of loop bodies), or has treated all synchronization operations as external functions (losing the ability to reorder instructions around them).
In this work we present Simuliris, the first simulation technique to establish termination preservation (under a fair scheduler) for a range of concurrent program transformations that exploit UB in the source language. Simuliris is based on the idea of using ownership to reason modularly about the assumptions the compiler makes about programs with well-defined behavior. This brings the benefits of concurrent separation logics to the space of verifying program transformations: we can combine powerful reasoning techniques such as framing and coinduction to perform thread-local proofs of non-trivial concurrent program optimizations. Simuliris is built on a (non-step-indexed) variant of the Coq-based Iris framework, and is thus not tied to a particular language. In addition to demonstrating the effectiveness of Simuliris on standard compiler optimizations involving data race UB, we also instantiate it with Jung et al.’s Stacked Borrows semantics for Rust and generalize their proofs of interesting type-based aliasing optimizations to account for concurrency.
Supplemental Material
- Andrew W. Appel and David A. McAllester. 2001. An indexed model of recursive types for foundational proof-carrying code. TOPLAS, 23, 5 (2001), 657–683. https://doi.org/10.1145/504709.504712 Google Scholar
Digital Library
- Nick Benton. 2004. Simple relational correctness proofs for static analyses and program transformations. In POPL. 14–25. https://doi.org/10.1145/964001.964003 Google Scholar
Digital Library
- Lennart Beringer, Gordon Stewart, Robert Dockins, and Andrew W. Appel. 2014. Verified Compilation for Shared-Memory C. In ESOP (LNCS, Vol. 8410). 107–127. https://doi.org/10.1007/978-3-642-54833-8_7 Google Scholar
Digital Library
- Richard Bornat, Cristiano Calcagno, Peter W. O’Hearn, and Matthew J. Parkinson. 2005. Permission accounting in separation logic. In POPL. 259–270. https://doi.org/10.1145/1040305.1040327 Google Scholar
Digital Library
- John Boyland. 2003. Checking Interference with Fractional Permissions. In Static Analysis. 55–72.Google Scholar
- Santiago Cuellar. 2020. Concurrent Permission Machine for modular proofs of optimizing compilers with shared memory concurrency. Ph.D. Dissertation. Princeton University, New Jersey, USA. https://dataspace.princeton.edu/handle/88435/dsp01qr46r378dGoogle Scholar
- Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2018. ReLoC: A Mechanised Relational Logic for Fine-Grained Concurrency. In LICS. 442–451. https://doi.org/10.1145/3209108.3209174 Google Scholar
Digital Library
- Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan (Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep Specifications and Certified Abstraction Layers. In POPL. 595–608. https://doi.org/10.1145/2676726.2676975 Google Scholar
Digital Library
- Ronghui Gu, Zhong Shao, Jieung Kim, Xiongnan (Newman) Wu, Jérémie Koenig, Vilhelm Sjöberg, Hao Chen, David Costanzo, and Tahina Ramananandro. 2018. Certified concurrent abstraction layers. In PLDI. 646–661. https://doi.org/10.1145/3192366.3192381 Google Scholar
Digital Library
- Lennard Gäher, Michael Sammler, Simon Spies, Ralf Jung, Hoang(-)Hai Dang, Robbert Krebbers, Jeehoon Kang, and Derek Dreyer. 2022. Simuliris: Technical Documentation and Coq Development. https://doi.org/10.5281/zenodo.5667545 Google Scholar
Digital Library
- Chung-Kil Hur, Derek Dreyer, Georg Neis, and Viktor Vafeiadis. 2012. The marriage of bisimulations and Kripke logical relations. In POPL. 59–72. https://doi.org/10.1145/2103656.2103666 Google Scholar
Digital Library
- Chung-Kil Hur, Georg Neis, Derek Dreyer, and Viktor Vafeiadis. 2013. The power of parameterization in coinductive proof. In POPL. 193–206. https://doi.org/10.1145/2429069.2429093 Google Scholar
Digital Library
- Hanru Jiang, Hongjin Liang, Siyang Xiao, Junpeng Zha, and Xinyu Feng. 2019. Towards certified separate compilation for concurrent programs. In PLDI. 111–125. https://doi.org/10.1145/3314221.3314595 Google Scholar
Digital Library
- Ralf Jung. 2020. Understanding and evolving the Rust programming language. Ph.D. Dissertation. Universität des Saarlandes, Saarbrücken, Germany. https://publikationen.sulb.uni-saarland.de/handle/20.500.11880/29647Google Scholar
- Ralf Jung, Hoang-Hai Dang, Jeehoon Kang, and Derek Dreyer. 2020. Stacked borrows: an aliasing model for Rust. Proc. ACM Program. Lang., 4, POPL (2020), 41:1–41:32. https://doi.org/10.1145/3371109 Google Scholar
Digital Library
- Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2018. RustBelt: Securing the foundations of the Rust programming language. Proc. ACM Program. Lang., 2, POPL (2018), 66:1–66:34. https://doi.org/10.1145/3158154 Google Scholar
Digital Library
- Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order ghost state. In ICFP. 256–269. https://doi.org/10.1145/2951913.2951943 Google Scholar
Digital Library
- Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. J. Funct. Program., 28 (2018), e20. https://doi.org/10.1017/S0956796818000151 Google Scholar
Cross Ref
- Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In POPL. 637–650. https://doi.org/10.1145/2676726.2676980 Google Scholar
Digital Library
- Jeehoon Kang, Chung-Kil Hur, Ori Lahav, Viktor Vafeiadis, and Derek Dreyer. 2017. A promising semantics for relaxed-memory concurrency. In POPL. 175–189. https://doi.org/10.1145/3009837.3009850 Google Scholar
Digital Library
- Jeehoon Kang, Chung-Kil Hur, William Mansky, Dmitri Garbuzov, Steve Zdancewic, and Viktor Vafeiadis. 2015. A formal C memory model supporting integer-pointer casts. In PLDI. 326–335. https://doi.org/10.1145/2737924.2738005 Google Scholar
Digital Library
- Robbert Krebbers, Jacques-Henri Jourdan, Ralf Jung, Joseph Tassarotti, Jan-Oliver Kaiser, Amin Timany, Arthur Charguéraud, and Derek Dreyer. 2018. MoSeL: A general, extensible modal framework for interactive proofs in separation logic. Proc. ACM Program. Lang., 2, ICFP (2018), 77:1–77:30. https://doi.org/10.1145/3236772 Google Scholar
Digital Library
- Robbert Krebbers, Ralf Jung, Ales Bizjak, Jacques-Henri Jourdan, Derek Dreyer, and Lars Birkedal. 2017. The Essence of Higher-Order Concurrent Separation Logic. In ESOP (LNCS, Vol. 10201). 696–723. https://doi.org/10.1007/978-3-662-54434-1_26 Google Scholar
Digital Library
- Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017. Interactive proofs in higher-order concurrent separation logic. In POPL. 205–217. https://doi.org/10.1145/3009837.3009855 Google Scholar
Digital Library
- Ramana Kumar, Magnus O. Myreen, Michael Norrish, and Scott Owens. 2014. CakeML: a verified implementation of ML. In POPL. 179–192. https://doi.org/10.1145/2535838.2535841 Google Scholar
Digital Library
- Juneyoung Lee, Yoonseung Kim, Youngju Song, Chung-Kil Hur, Sanjoy Das, David Majnemer, John Regehr, and Nuno P. Lopes. 2017. Taming undefined behavior in LLVM. In PLDI. 633–647. https://doi.org/10.1145/3062341.3062343 Google Scholar
Digital Library
- D. Lehmann, A. Pnueli, and J. Stavi. 1981. Impartiality, justice and fairness: The ethics of concurrent termination. In Automata, Languages and Programming. 264–277. isbn:978-3-540-38745-9 https://doi.org/10.1007/3-540-10843-2_22 Google Scholar
Cross Ref
- Xavier Leroy. 2006. Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In POPL. 42–54. https://doi.org/10.1145/1111037.1111042 Google Scholar
Digital Library
- Xavier Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM, 52, 7 (2009), 107–115. https://doi.org/10.1145/1538788.1538814 Google Scholar
Digital Library
- Hongjin Liang and Xinyu Feng. 2016. A program logic for concurrent objects under fair scheduling. In POPL. 385–399. https://doi.org/10.1145/2837614.2837635 Google Scholar
Digital Library
- Hongjin Liang and Xinyu Feng. 2018. Progress of concurrent objects with partial methods. PACMPL, 2, POPL (2018), 20:1–20:31. https://doi.org/10.1145/3158108 Google Scholar
Digital Library
- Hongjin Liang, Xinyu Feng, and Zhong Shao. 2014. Compositional verification of termination-preserving refinement of concurrent programs. In CSL-LICS. 65:1–65:10. https://doi.org/10.1145/2603088.2603123 Google Scholar
Digital Library
- Robin Morisset, Pankaj Pawan, and Francesco Zappa Nardelli. 2013. Compiler testing via a theory of sound optimisations in the C11/C++11 memory model. In PLDI. 187–196. https://doi.org/10.1145/2491956.2491967 Google Scholar
Digital Library
- Peter W. O’Hearn and David J. Pym. 1999. The Logic of Bunched Implications. Bulletin of Symbolic Logic, 5 (1999), 215–244. https://doi.org/10.2307/421090 Google Scholar
Cross Ref
- Michael Sammler, Rodolphe Lepigre, Robbert Krebbers, Kayvan Memarian, Derek Dreyer, and Deepak Garg. 2021. RefinedC: Automating the Foundational Verification of C Code with Refined Ownership Types. In PLDI. 158–174. https://doi.org/10.1145/3453483.3454036 Google Scholar
Digital Library
- Simon Spies, Lennard Gäher, Daniel Gratzer, Joseph Tassarotti, Robbert Krebbers, Derek Dreyer, and Lars Birkedal. 2021. Transfinite Iris: Resolving an Existential Dilemma of Step-Indexed Separation Logic. In PLDI. https://doi.org/10.1145/3453483.3454031 Google Scholar
Digital Library
- Gordon Stewart, Lennart Beringer, Santiago Cuellar, and Andrew W. Appel. 2015. Compositional CompCert. In POPL. 275–287. https://doi.org/10.1145/2676726.2676985 Google Scholar
Digital Library
- Kasper Svendsen and Lars Birkedal. 2014. Impredicative Concurrent Abstract Predicates. In ESOP (LNCS, Vol. 8410). 149–168. https://doi.org/10.1007/978-3-642-54833-8_9 Google Scholar
Digital Library
- Joseph Tassarotti, Ralf Jung, and Robert Harper. 2017. A Higher-Order Logic for Concurrent Termination-Preserving Refinement. In ESOP (LNCS, Vol. 10201). 909–936. https://doi.org/10.1007/978-3-662-54434-1_34 Google Scholar
Digital Library
- Viktor Vafeiadis, Thibaut Balabonski, Soham Chakraborty, Robin Morisset, and Francesco Zappa Nardelli. 2015. Common Compiler Optimisations are Invalid in the C11 Memory Model and what we can do about it. In POPL. 209–220. https://doi.org/10.1145/2676726.2676995 Google Scholar
Digital Library
- Jaroslav Ševčík, Viktor Vafeiadis, Francesco Zappa Nardelli, Suresh Jagannathan, and Peter Sewell. 2013. CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency. J. ACM, 60, 3 (2013), https://doi.org/10.1145/2487241.2487248 Google Scholar
Digital Library
- Li-yao Xia, Yannick Zakowski, Paul He, Chung-Kil Hur, Gregory Malecha, Benjamin C. Pierce, and Steve Zdancewic. 2020. Interaction trees: representing recursive and impure programs in Coq. Proc. ACM Program. Lang., 4, POPL (2020), 51:1–51:32. https://doi.org/10.1145/3371119 Google Scholar
Digital Library
- Hongseok Yang. 2007. Relational Separation Logic. TCS, 375, 1–3 (2007), 308–334. https://doi.org/10.1016/j.tcs.2006.12.036 Google Scholar
Digital Library
- Jaroslav Ševčík. 2009. Program transformations in weak memory models. Ph.D. Dissertation. University of Edinburgh, UK. http://hdl.handle.net/1842/3132Google Scholar
- Jaroslav Ševčík. 2011. Safe optimisations for shared-memory concurrent programs. In PLDI. 306–316. https://doi.org/10.1145/1993498.1993534 Google Scholar
Digital Library
Index Terms
Simuliris: a separation logic framework for verifying concurrent program optimizations
Recommendations
Proof Automation for Linearizability in Separation Logic
Recent advances in concurrent separation logic enabled the formal verification of increasingly sophisticated fine-grained (i.e., lock-free) concurrent programs. For such programs, the golden standard of correctness is linearizability, which expresses ...
Interactive proofs in higher-order concurrent separation logic
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming LanguagesWhen using a proof assistant to reason in an embedded logic -- like separation logic -- one cannot benefit from the proof contexts and basic tactics of the proof assistant. This results in proofs that are at a too low level of abstraction because they ...
Interactive proofs in higher-order concurrent separation logic
POPL '17When using a proof assistant to reason in an embedded logic -- like separation logic -- one cannot benefit from the proof contexts and basic tactics of the proof assistant. This results in proofs that are at a too low level of abstraction because they ...






Comments