9 research outputs found
An observational approach to defining linearizability on weak memory models
In this paper we present a framework for defining linearizability on weak memory models. The purpose of the framework is to be able to define the correctness of concurrent algorithms in a uniform way across a variety of memory models. To do so linearizability is defined within the framework in terms of memory order as opposed to program order. Such a generalisation of the original definition of linearizability enables it to be applied to non-sequentially consistent architectures. It also allows the definition to be given in terms of observable effects rather than being dependent on an understanding of the weak memory model architecture. We illustrate the framework on the TSO (Total Store Order) weak memory model, and show that it respects existing definitions of linearizability on TSO
Modelling concurrent objects running on the TSO and ARMv8 memory models
Hardware weak memory models, such as TSO and ARM, are used to increase the performance of concurrent programs by allowing program instructions to be executed on the hardware in a different order to that specified by the software. This places a challenge on the verification of concurrent objects used in these programs since the variations in the executions need to be considered.
Many approaches exist for verifying concurrent objects along with associated tool support. In particular, we focus on a thread-local approach to checking linearizability, the standard correctness condition for concurrent objects, using a model checker. This approach, like most others, does not support weak memory models. In order to reuse this existing approach, therefore, we show how to use the semantics of a weak memory model to directly derive a transition system of concurrent objects running under it.
We do this for both TSO and the latest version of ARM, ARMv8. Since there is a straightforward implementation of TSO, we reflect this in our transition system which includes a buffer of writes to memory mirroring the store buffer of TSO. We illustrate linearizability checking using model checking on a transition system generated by this approach.
The implementation of the significantly more complex ARMv8 architecture is less obvious. We derive our transition system in this case from an exisiting operational semantics that is consistent with the results of thousands of litmus test run on ARM hardware
Classical BI: Its Semantics and Proof Theory
We present Classical BI (CBI), a new addition to the family of bunched logics
which originates in O'Hearn and Pym's logic of bunched implications BI. CBI
differs from existing bunched logics in that its multiplicative connectives
behave classically rather than intuitionistically (including in particular a
multiplicative version of classical negation). At the semantic level,
CBI-formulas have the normal bunched logic reading as declarative statements
about resources, but its resource models necessarily feature more structure
than those for other bunched logics; principally, they satisfy the requirement
that every resource has a unique dual. At the proof-theoretic level, a very
natural formalism for CBI is provided by a display calculus \`a la Belnap,
which can be seen as a generalisation of the bunched sequent calculus for BI.
In this paper we formulate the aforementioned model theory and proof theory for
CBI, and prove some fundamental results about the logic, most notably
completeness of the proof theory with respect to the semantics.Comment: 42 pages, 8 figure
Featherweight VeriFast
VeriFast is a leading research prototype tool for the sound modular
verification of safety and correctness properties of single-threaded and
multithreaded C and Java programs. It has been used as a vehicle for
exploration and validation of novel program verification techniques and for
industrial case studies; it has served well at a number of program verification
competitions; and it has been used for teaching by multiple teachers
independent of the authors. However, until now, while VeriFast's operation has
been described informally in a number of publications, and specific
verification techniques have been formalized, a clear and precise exposition of
how VeriFast works has not yet appeared. In this article we present for the
first time a formal definition and soundness proof of a core subset of the
VeriFast program verification approach. The exposition aims to be both
accessible and rigorous: the text is based on lecture notes for a graduate
course on program verification, and it is backed by an executable
machine-readable definition and machine-checked soundness proof in Coq
Borrowable Fractional Ownership Types for Verification
Automated verification of functional correctness of imperative programs with
references (a.k.a. pointers) is challenging because of reference aliasing.
Ownership types have recently been applied to address this issue, but the
existing approaches were limited in that they are effective only for a class of
programs whose reference usage follows a certain style. To relax the
limitation, we combine the approaches of ConSORT (based on fractional
ownership) and RustHorn (based on borrowable ownership), two recent approaches
to automated program verification based on ownership types, and propose the
notion of borrowable fractional ownership types. We formalize a new type system
based on the borrowable fractional ownership types and show how we can use it
to automatically reduce the program verification problem for imperative
programs with references to that for functional programs without references. We
also show the soundness of our type system and the translation, and conduct
experiments to confirm the effectiveness of our approach.Comment: An extended version of the paper to appear in Proceedings of VMCAI
202
Separation Logic
Separation logic is a key development in formal reasoning about programs, opening up new lines of attack on longstanding problems
Modular safety checking for fine-grained concurrency
Abstract. Concurrent programs are difficult to verify because the proof must consider the interactions between the threads. Fine-grained concurrency and heap allocated data structures exacerbate this problem, because threads interfere more often and in richer ways. In this paper we provide a thread-modular safety checker for a class of pointermanipulating fine-grained concurrent algorithms. Our checker uses ownership to avoid interference whenever possible, and rely/guarantee (assume/guarantee) to deal with interference when it genuinely exists.