4,198 research outputs found
An ACL2 Mechanization of an Axiomatic Framework for Weak Memory
Proving the correctness of programs written for multiple processors is a
challenging problem, due in no small part to the weaker memory guarantees
afforded by most modern architectures. In particular, the existence of store
buffers means that the programmer can no longer assume that writes to different
locations become visible to all processors in the same order. However, all
practical architectures do provide a collection of weaker guarantees about
memory consistency across processors, which enable the programmer to write
provably correct programs in spite of a lack of full sequential consistency. In
this work, we present a mechanization in the ACL2 theorem prover of an
axiomatic weak memory model (introduced by Alglave et al.). In the process, we
provide a new proof of an established theorem involving these axioms.Comment: In Proceedings ACL2 2014, arXiv:1406.123
Life of occam-Pi
This paper considers some questions prompted by a brief review of the history of computing. Why is programming so hard? Why is concurrency considered an “advanced” subject? What’s the matter with Objects? Where did all the Maths go? In searching for answers, the paper looks at some concerns over fundamental ideas within object orientation (as represented by modern programming languages), before focussing on the concurrency model of communicating processes and its particular expression in the occam family of languages. In that focus, it looks at the history of occam, its underlying philosophy (Ockham’s Razor), its semantic foundation on Hoare’s CSP, its principles of process oriented design and its development over almost three decades into occam-? (which blends in the concurrency dynamics of Milner’s ?-calculus). Also presented will be an urgent need for rationalisation – occam-? is an experiment that has demonstrated significant results, but now needs time to be spent on careful review and implementing the conclusions of that review. Finally, the future is considered. In particular, is there a future
Thread-Modular Static Analysis for Relaxed Memory Models
We propose a memory-model-aware static program analysis method for accurately
analyzing the behavior of concurrent software running on processors with weak
consistency models such as x86-TSO, SPARC-PSO, and SPARC-RMO. At the center of
our method is a unified framework for deciding the feasibility of inter-thread
interferences to avoid propagating spurious data flows during static analysis
and thus boost the performance of the static analyzer. We formulate the
checking of interference feasibility as a set of Datalog rules which are both
efficiently solvable and general enough to capture a range of hardware-level
memory models. Compared to existing techniques, our method can significantly
reduce the number of bogus alarms as well as unsound proofs. We implemented the
method and evaluated it on a large set of multithreaded C programs. Our
experiments showthe method significantly outperforms state-of-the-art
techniques in terms of accuracy with only moderate run-time overhead.Comment: revised version of the ESEC/FSE 2017 pape
Correct and efficient accelerator programming
This report documents the program and the outcomes of Dagstuhl Seminar 13142 “Correct and Efficient Accelerator Programming”. The aim of this Dagstuhl seminar was to bring together researchers from various sub-disciplines of computer science to brainstorm and discuss the theoretical foundations, design and implementation of techniques and tools for correct and efficient accelerator programming
Lifting the Reasoning Level in Generic Weak Memory Verification (Extended Version)
Weak memory models specify the semantics of concurrent programs on multi-core
architectures. Reasoning techniques for weak memory models are often
specialized to one fixed model and verification results are hence not
transferable to other memory models. A recent proposal of a generic
verification technique based on axioms on program behaviour expressed via
weakest preconditions aims at overcoming this specialization to dedicated
models. Due to the usage of weakest preconditions, reasoning however takes
place on a very low level requiring the application of numerous axioms for
deriving program properties, even for a single statement. In this paper, we
lift reasoning in this generic verification approach to a more abstract level.
Based on a view-based assertion language, we provide a number of novel proof
rules for directly reasoning on the level of program constructs. We prove
soundness of our proof rules and exemplify them on the write-to-read causality
(WRC) litmus test. A comparison to the axiom-based low-level proof reveals a
significant reduction in the number of required proof steps
Study of fault-tolerant software technology
Presented is an overview of the current state of the art of fault-tolerant software and an analysis of quantitative techniques and models developed to assess its impact. It examines research efforts as well as experience gained from commercial application of these techniques. The paper also addresses the computer architecture and design implications on hardware, operating systems and programming languages (including Ada) of using fault-tolerant software in real-time aerospace applications. It concludes that fault-tolerant software has progressed beyond the pure research state. The paper also finds that, although not perfectly matched, newer architectural and language capabilities provide many of the notations and functions needed to effectively and efficiently implement software fault-tolerance
Locality and Singularity for Store-Atomic Memory Models
Robustness is a correctness notion for concurrent programs running under
relaxed consistency models. The task is to check that the relaxed behavior
coincides (up to traces) with sequential consistency (SC). Although
computationally simple on paper (robustness has been shown to be
PSPACE-complete for TSO, PGAS, and Power), building a practical robustness
checker remains a challenge. The problem is that the various relaxations lead
to a dramatic number of computations, only few of which violate robustness.
In the present paper, we set out to reduce the search space for robustness
checkers. We focus on store-atomic consistency models and establish two
completeness results. The first result, called locality, states that a
non-robust program always contains a violating computation where only one
thread delays commands. The second result, called singularity, is even stronger
but restricted to programs without lightweight fences. It states that there is
a violating computation where a single store is delayed.
As an application of the results, we derive a linear-size source-to-source
translation of robustness to SC-reachability. It applies to general programs,
regardless of the data domain and potentially with an unbounded number of
threads and with unbounded buffers. We have implemented the translation and
verified, for the first time, PGAS algorithms in a fully automated fashion. For
TSO, our analysis outperforms existing tools
- …