research-article

Open access

RustBelt meets relaxed memory

Authors:

Hoang-Hai Dang,

Jacques-Henri Jourdan,

Jan-Oliver Kaiser,

Derek DreyerAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 4, Issue POPL

Article No.: 34, Pages 1 - 29

https://doi.org/10.1145/3371102

Published: 20 December 2019 Publication History

Abstract

The Rust programming language supports safe systems programming by means of a strong ownership-tracking type system. In their prior work on RustBelt, Jung et al. began the task of setting Rust’s safety claims on a more rigorous formal foundation. Specifically, they used Iris, a Coq-based separation logic framework, to build a machine-checked proof of semantic soundness for a λ-calculus model of Rust, as well as for a number of widely-used Rust libraries that internally employ unsafe language features. However, they also made the significant simplifying assumption that the language is sequentially consistent. In this paper, we adapt RustBelt to account for the relaxed-memory operations that concurrent Rust libraries actually use, in the process uncovering a data race in the Arc library. We focus on the most interesting technical problem: how to reason about resource reclamation under relaxed memory, using a logical construction we call synchronized ghost state.

Supplementary Material

WEBM File (a34-dang.webm)

Download
92.74 MB

References

[1]

Amal Ahmed, Andrew W. Appel, Christopher D. Richards, Kedar N. Swadi, Gang Tan, and Daniel C. Wang. 2010. Semantic foundations for typed assembly languages. TOPLAS 32, 3 (2010), 1–67.

Digital Library

[2]

Mark Batty, Scott Owens, Susmit Sarkar, Peter Sewell, and Tjark Weber. 2011. Mathematizing C++ concurrency. In POPL. 55–66.

[3]

Hans-J. Boehm and Brian Demsky. 2014. Outlawing ghosts: Avoiding out-of-thin-air results. In MSPC.

[4]

Richard Bornat, Cristiano Calcagno, Peter W. O’Hearn, and Matthew J. Parkinson. 2005. Permission accounting in separation logic. (2005), 259–270.

Digital Library

[5]

John Boyland. 2003. Checking interference with fractional permissions. In SAS (LNCS).

[6]

David Chase and Yossi Lev. 2005. Dynamic circular work-stealing deque. In SPAA. 21–28.

Digital Library

[7]

Hoang-Hai Dang, Jacques-Henri Jourdan, Jan-Oliver Kaiser, and Derek Dreyer. 2019. RustBelt meets relaxed memory – Artifact.

Digital Library

[8]

Simon Doherty, Brijesh Dongol, Heike Wehrheim, and John Derrick. 2019. Verifying C11 programs operationally. In PPoPP. 355–365.

Digital Library

[9]

Marko Doko and Viktor Vafeiadis. 2016. A program logic for C11 memory fences. In VMCAI (LNCS). Springer, 413–430.

[10]

Marko Doko and Viktor Vafeiadis. 2017. Tackling real-life relaxed concurrency with FSL++. In ESOP.

[11]

Derek Dreyer. 2016. RustBelt project webpage. http://plv.mpi-sws.org/rustbelt/

[12]

Alexey Gotsman, Josh Berdine, Byron Cook, Noam Rinetzky, and Mooly Sagiv. 2007. Local reasoning for storable locks and threads. In APLAS. 19–37.

[13]

Mengda He, Viktor Vafeiadis, Shengchao Qin, and João F. Ferreira. 2018. GPS+: Reasoning about fences and relaxed atomics. International Journal of Parallel Programming 46, 6 (2018), 1157–1183.

Digital Library

[14]

Aquinas Hobor, Andrew W. Appel, and Francesco Zappa Nardelli. 2008. Oracle semantics for concurrent separation logic. In ESOP. 353–367.

[15]

Jacques-Henri Jourdan. 2018. Insufficient synchronization in Arc::get_mut. Rust issue #51780, https://github.com/rustlang/rust/issues/51780 .

[16]

Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2018a. RustBelt: Securing the foundations of the Rust programming language. PACMPL 2, POPL, Article 66 (2018).

Digital Library

[17]

Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Aleš Bizjak, Lars Birkedal, and Derek Dreyer. 2018b. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming 28, e20 (Nov. 2018), 1–73.

[18]

Jan-Oliver Kaiser, Hoang-Hai Dang, Derek Dreyer, Ori Lahav, and Viktor Vafeiadis. 2017. Strong logic for weak memory: Reasoning about release-acquire consistency in Iris. In ECOOP (LIPIcs). 17:1–17:29.

[19]

Jeehoon Kang, Chung-Kil Hur, Ori Lahav, Viktor Vafeiadis, and Derek Dreyer. 2017. A promising semantics for relaxedmemory concurrency. In POPL. ACM, 175–189.

[20]

Steve Klabnik and Carol Nichols. 2018. The Rust Programming Language. https://doc.rust-lang.org/stable/book/2018-edition/

[21]

Robbert Krebbers, Jacques-Henri Jourdan, Ralf Jung, Joseph Tassarotti, Jan-Oliver Kaiser, Amin Timany, Arthur Charguéraud, and Derek Dreyer. 2018. MoSeL: A general, extensible modal framework for interactive proofs in separation logic. PACMPL 2, ICFP, Article 77 (2018).

Digital Library

[22]

Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017. Interactive proofs in higher-order concurrent separation logic. In POPL .

Digital Library

[23]

Ori Lahav, Viktor Vafeiadis, Jeehoon Kang, Chung-Kil Hur, and Derek Dreyer. 2017. Repairing sequential consistency in C/C++11. In PLDI.

[24]

Leslie Lamport. 1979. How to make a multiprocessor computer that correctly executes multiprocess programs. IEEE Trans. Computers 28, 9 (1979), 690–691.

Digital Library

[25]

Anton Podkopaev, Ilya Sergey, and Aleksandar Nanevski. 2016. Operational aspects of C/C++ concurrency. CoRR abs/1606.01400 (2016). arXiv: 1606.01400 http://arxiv.org/abs/1606.01400

[26]

John C. Reynolds. 2002. Separation logic: A logic for shared mutable data structures. In LICS.

[27]

Kasper Svendsen, Jean Pichon-Pharabod, Marko Doko, Ori Lahav, and Viktor Vafeiadis. 2018. A separation logic for a promising semantics. In ESOP. 357–384.

[28]

Joseph Tassarotti, Derek Dreyer, and Viktor Vafeiadis. 2015. Verifying read-copy-update in a logic for weak memory. In PLDI . 110–120.

Digital Library

[29]

Aaron Turon. 2016. Crossbeam: Support for concurrent and parallel programming. Available at https://github.com/aturon/ crossbeam .

[30]

Aaron Turon, Viktor Vafeiadis, and Derek Dreyer. 2014. GPS: Navigating weak memory with ghosts, protocols, and separation. In OOPSLA. ACM, 691–707.

[31]

Viktor Vafeaidis and Chinmay Narayan. 2013. Relaxed separation logic: A program logic for C11 concurrency. In OOPSLA.

Cited By

Park SKim JMulder IJung JLee JKrebbers RKang J(2024)A Proof Recipe for Linearizability in Relaxed Memory Separation LogicProceedings of the ACM on Programming Languages10.1145/36563848:PLDI(175-198)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656384
Hammond ALiu ZPérami TSewell PBirkedal LPichon-Pharabod J(2024)An Axiomatic Basis for Computer Programming on the Relaxed Arm-A Architecture: The AxSL LogicProceedings of the ACM on Programming Languages10.1145/36328638:POPL(604-637)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632863
Mansky WDu K(2024)An Iris Instance for Verifying CompCert C ProgramsProceedings of the ACM on Programming Languages10.1145/36328488:POPL(148-174)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632848
Show More Cited By

Index Terms

RustBelt meets relaxed memory
1. Theory of computation
  1. Logic
    1. Programming logic
    2. Separation logic
  2. Semantics and reasoning
    1. Program semantics
      1. Operational semantics

Recommendations

RustBelt: securing the foundations of the Rust programming language

Rust is a new systems programming language that promises to overcome the seemingly fundamental tradeoff between high-level safety guarantees and low-level control over resource management. Unfortunately, none of Rust's safety claims have been formally ...
RefinedRust: A Type System for High-Assurance Verification of Rust Programs

Rust is a modern systems programming language whose ownership-based type system statically guarantees memory safety, making it particularly well-suited to the domain of safety-critical systems. In recent years, a wellspring of automated deductive ...
Compass: strong and compositional library specifications in relaxed memory separation logic
PLDI 2022: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation

Several functional correctness criteria have been proposed for relaxed-memory consistency libraries, but most lack support for modular client reasoning. Mével and Jourdan recently showed that logical atomicity can be used to give strong modular Hoare-...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 4, Issue POPL

January 2020

1984 pages

EISSN:2475-1421

DOI:10.1145/3377388

Issue’s Table of Contents

Copyright © 2019 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 December 2019

Published in PACMPL Volume 4, Issue POPL

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Horizon 2020 Framework Programme

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

39
Total Citations
View Citations
1,050
Total Downloads

Downloads (Last 12 months)213
Downloads (Last 6 weeks)23

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Park SKim JMulder IJung JLee JKrebbers RKang J(2024)A Proof Recipe for Linearizability in Relaxed Memory Separation LogicProceedings of the ACM on Programming Languages10.1145/36563848:PLDI(175-198)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656384
Hammond ALiu ZPérami TSewell PBirkedal LPichon-Pharabod J(2024)An Axiomatic Basis for Computer Programming on the Relaxed Arm-A Architecture: The AxSL LogicProceedings of the ACM on Programming Languages10.1145/36328638:POPL(604-637)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632863
Mansky WDu K(2024)An Iris Instance for Verifying CompCert C ProgramsProceedings of the ACM on Programming Languages10.1145/36328488:POPL(148-174)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632848
Abdi JPosluns GZhang GWang BJeffrey MAgrawal KPetrank E(2024)When Is Parallelism Fearless and Zero-Cost with Rust?Proceedings of the 36th ACM Symposium on Parallelism in Algorithms and Architectures10.1145/3626183.3659966(27-40)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3626183.3659966
Cui MSun SXu HZhou YRoychoudhury APaiva AAbreu RStorey M(2024)Is unsafe an Achilles' Heel? A Comprehensive Study of Safety Requirements in Unsafe Rust ProgrammingProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639136(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639136
Hong JShim SPark SKim TKim JLee JRyu SKang J(2024)Taming Shared Mutable States of Operating Systems in RustScience of Computer Programming10.1016/j.scico.2024.103152(103152)Online publication date: May-2024
https://doi.org/10.1016/j.scico.2024.103152
Höltervennhoff SKlostermeyer PWöhler NAcar YFahl SCalandrino JTroncoso C(2023)"I wouldn't want my unsafe code to run my pacemaker"Proceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620378(2509-2525)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620378
Zheng XWan ZZhang YChang RLo D(2023)A Closer Look at the Security Risks in the Rust EcosystemACM Transactions on Software Engineering and Methodology10.1145/3624738Online publication date: 16-Sep-2023
https://doi.org/10.1145/3624738
Jung JLee JChoi JKim JPark SKang J(2023)Modular Verification of Safe Memory Reclamation in Concurrent Separation LogicProceedings of the ACM on Programming Languages10.1145/36228277:OOPSLA2(828-856)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622827
Vindum SBirkedal L(2023)Spirea: A Mechanized Concurrent Separation Logic for Weak Persistent MemoryProceedings of the ACM on Programming Languages10.1145/36228207:OOPSLA2(632-657)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622820
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents