19,386 research outputs found
Automating Deductive Verification for Weak-Memory Programs
Writing correct programs for weak memory models such as the C11 memory model
is challenging because of the weak consistency guarantees these models provide.
The first program logics for the verification of such programs have recently
been proposed, but their usage has been limited thus far to manual proofs.
Automating proofs in these logics via first-order solvers is non-trivial, due
to reasoning features such as higher-order assertions, modalities and rich
permission resources. In this paper, we provide the first implementation of a
weak memory program logic using existing deductive verification tools. We
tackle three recent program logics: Relaxed Separation Logic and two forms of
Fenced Separation Logic, and show how these can be encoded using the Viper
verification infrastructure. In doing so, we illustrate several novel encoding
techniques which could be employed for other logics. Our work is implemented,
and has been evaluated on examples from existing papers as well as the Facebook
open-source Folly library.Comment: Extended version of TACAS 2018 publicatio
Heap Abstractions for Static Analysis
Heap data is potentially unbounded and seemingly arbitrary. As a consequence,
unlike stack and static memory, heap memory cannot be abstracted directly in
terms of a fixed set of source variable names appearing in the program being
analysed. This makes it an interesting topic of study and there is an abundance
of literature employing heap abstractions. Although most studies have addressed
similar concerns, their formulations and formalisms often seem dissimilar and
some times even unrelated. Thus, the insights gained in one description of heap
abstraction may not directly carry over to some other description. This survey
is a result of our quest for a unifying theme in the existing descriptions of
heap abstractions. In particular, our interest lies in the abstractions and not
in the algorithms that construct them.
In our search of a unified theme, we view a heap abstraction as consisting of
two features: a heap model to represent the heap memory and a summarization
technique for bounding the heap representation. We classify the models as
storeless, store based, and hybrid. We describe various summarization
techniques based on k-limiting, allocation sites, patterns, variables, other
generic instrumentation predicates, and higher-order logics. This approach
allows us to compare the insights of a large number of seemingly dissimilar
heap abstractions and also paves way for creating new abstractions by
mix-and-match of models and summarization techniques.Comment: 49 pages, 20 figure
Hoare-style Specifications as Correctness Conditions for Non-linearizable Concurrent Objects
Designing scalable concurrent objects, which can be efficiently used on
multicore processors, often requires one to abandon standard specification
techniques, such as linearizability, in favor of more relaxed consistency
requirements. However, the variety of alternative correctness conditions makes
it difficult to choose which one to employ in a particular case, and to compose
them when using objects whose behaviors are specified via different criteria.
The lack of syntactic verification methods for most of these criteria poses
challenges in their systematic adoption and application.
In this paper, we argue for using Hoare-style program logics as an
alternative and uniform approach for specification and compositional formal
verification of safety properties for concurrent objects and their client
programs. Through a series of case studies, we demonstrate how an existing
program logic for concurrency can be employed off-the-shelf to capture
important state and history invariants, allowing one to explicitly quantify
over interference of environment threads and provide intuitive and expressive
Hoare-style specifications for several non-linearizable concurrent objects that
were previously specified only via dedicated correctness criteria. We
illustrate the adequacy of our specifications by verifying a number of
concurrent client scenarios, that make use of the previously specified
concurrent objects, capturing the essence of such correctness conditions as
concurrency-aware linearizability, quiescent, and quantitative quiescent
consistency. All examples described in this paper are verified mechanically in
Coq.Comment: 18 page
TriCheck: Memory Model Verification at the Trisection of Software, Hardware, and ISA
Memory consistency models (MCMs) which govern inter-module interactions in a
shared memory system, are a significant, yet often under-appreciated, aspect of
system design. MCMs are defined at the various layers of the hardware-software
stack, requiring thoroughly verified specifications, compilers, and
implementations at the interfaces between layers. Current verification
techniques evaluate segments of the system stack in isolation, such as proving
compiler mappings from a high-level language (HLL) to an ISA or proving
validity of a microarchitectural implementation of an ISA.
This paper makes a case for full-stack MCM verification and provides a
toolflow, TriCheck, capable of verifying that the HLL, compiler, ISA, and
implementation collectively uphold MCM requirements. The work showcases
TriCheck's ability to evaluate a proposed ISA MCM in order to ensure that each
layer and each mapping is correct and complete. Specifically, we apply TriCheck
to the open source RISC-V ISA, seeking to verify accurate, efficient, and legal
compilations from C11. We uncover under-specifications and potential
inefficiencies in the current RISC-V ISA documentation and identify possible
solutions for each. As an example, we find that a RISC-V-compliant
microarchitecture allows 144 outcomes forbidden by C11 to be observed out of
1,701 litmus tests examined. Overall, this paper demonstrates the necessity of
full-stack verification for detecting MCM-related bugs in the hardware-software
stack.Comment: Proceedings of the Twenty-Second International Conference on
Architectural Support for Programming Languages and Operating System
A Concurrent Perspective on Smart Contracts
In this paper, we explore remarkable similarities between multi-transactional
behaviors of smart contracts in cryptocurrencies such as Ethereum and classical
problems of shared-memory concurrency. We examine two real-world examples from
the Ethereum blockchain and analyzing how they are vulnerable to bugs that are
closely reminiscent to those that often occur in traditional concurrent
programs. We then elaborate on the relation between observable contract
behaviors and well-studied concurrency topics, such as atomicity, interference,
synchronization, and resource ownership. The described
contracts-as-concurrent-objects analogy provides deeper understanding of
potential threats for smart contracts, indicate better engineering practices,
and enable applications of existing state-of-the-art formal verification
techniques.Comment: 15 page
- …