research-article

Armada: low-effort verification of high-performance concurrent programs

Authors:

Jacob R. Lorch,

Manos Kapritsos,

Upamanyu Sharma,

James R. Wilcox,

Xueyuan ZhaoAuthors Info & Claims

PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 197 - 210

https://doi.org/10.1145/3385412.3385971

Published: 11 June 2020 Publication History

Abstract

Safely writing high-performance concurrent programs is notoriously difficult. To aid developers, we introduce Armada, a language and tool designed to formally verify such programs with relatively little effort. Via a C-like language and a small-step, state-machine-based semantics, Armada gives developers the flexibility to choose arbitrary memory layout and synchronization primitives so they are never constrained in their pursuit of performance. To reduce developer effort, Armada leverages SMT-powered automation and a library of powerful reasoning techniques, including rely-guarantee, TSO elimination, reduction, and alias analysis. All these techniques are proven sound, and Armada can be soundly extended with additional strategies over time. Using Armada, we verify four concurrent case studies and show that we can achieve performance equivalent to that of unverified code.

References

[1]

Martín Abadi and Leslie Lamport. 1991. The Existence of Refinement Mappings. Theoretical Computer Science 82, 2 (May 1991), 253–284.

Digital Library

[2]

Sarita V. Adve and Mark D. Hill. 1990. Weak ordering—a new definition. In Proc. International Symposium on Computer Architecture (ISCA). 2– 14.

[3]

Mike Barnett, Bor-Yuh Evan Chang, Robert DeLine, Bart Jacobs, and K. Rustan M. Leino. 2006.

[4]

Boogie: A modular reusable verifier for PLDI ’20, June 15–20, 2020, London, UK J. R. Lorch, Y. Chen, M. Kapritsos, B. Parno, S. Qadeer, U. Sharma, J. R. Wilcox, X. Zhao object-oriented programs. Proceedings of Formal Methods for Components and Objects (FMCO) (2006).

[5]

Sandrine Blazy, Zaynah Dargaye, and Xavier Leroy. 2006.

[6]

Formal verification of a C compiler front-end. In Proc. International Symposium on Formal Methods (FM). 460–475.

[7]

Gérard Boudol and Gustavo Petri. 2009.

[8]

Relaxed memory models: An operational approach. In Proc. ACM Symposium on Principles of Programming Languages (POPL). 392–403.

[9]

Tej Chajed, M. Frans Kaashoek, Butler W. Lampson, and Nickolai Zeldovich. 2018. Verifying concurrent software using movers in CSPEC. In Proc. USENIX Symposium on Operating Systems Design and Implementation (OSDI). 306–322.

[10]

Tej Chajed, Joseph Tassarotti, M. Frans Kaashoek, and Nickolai Zeldovich. 2019. Verifying concurrent, crash-safe systems with Perennial. In Proc. ACM Symposium on Operating Systems Principles (SOSP). 243– 258.

Digital Library

[11]

Michael R. Clarkson and Fred B. Schneider. 2010.

Digital Library

[12]

Hyperproperties. Journal of Computer Security 18, 6 (2010), 1157–1210.

[13]

Ernie Cohen and Leslie Lamport. 1998. Reduction in TLA. In Concurrency Theory (CONCUR). 317–331.

[14]

Pedro da Rocha Pinto, Thomas Dinsdale-Young, and Philippa Gardner. 2014. TaDA: A logic for time and data abstraction. In Proc. European Conference on Object-Oriented Programming (ECOOP). 207–231.

Digital Library

[15]

Leonardo de Moura and Nikolaj Bjørner. 2008. Z3: An efficient SMT solver. In Proc. Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS). 337–340.

[16]

Thomas Dinsdale-Young, Lars Birkedal, Philippa Gardner, Matthew J. Parkinson, and Hongseok Yang. 2013. Views: Compositional reasoning for concurrent programs. In Proc. ACM Symposium on Principles of Programming Languages (POPL). 287–300.

Digital Library

[17]

Mike Dodds, Xinyu Feng, Matthew J. Parkinson, and Viktor Vafeiadis. 2009. Deny-Guarantee Reasoning. In Proc. European Symposium on Programming (ESOP). 363–377.

[18]

Tayfun Elmas, Shaz Qadeer, and Serdar Tasiran. 2009. A calculus of atomic actions. In Proc. ACM Symposium on Principles of Programming Languages (POPL). 2–15.

Digital Library

[19]

Cormac Flanagan, Stephen N. Freund, and Shaz Qadeer. 2004. Exploiting purity for atomicity. In Proc. ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). 221–231.

Digital Library

[20]

Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan (Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep specifications and certified abstraction layers. In Proc. ACM Symposium on Principles of Programming Languages (POPL). 595–608.

Digital Library

[21]

Ronghui Gu, Zhong Shao, Hao Chen, Xiongnan Wu, Jieung Kim, Vilhelm Sjöberg, and David Costanzo. 2016. CertiKOS: An extensible architecture for building certified concurrent OS kernels. In Proc. USENIX Conference on Operating Systems Design and Implementation (OSDI). 653–669.

[22]

Ronghui Gu, Zhong Shao, Jieung Kim, Xiongnan (Newman) Wu, Jérémie Koenig, Vilhelm Sjöberg, Hao Chen, David Costanzo, and Tahina Ramananandro. 2018. Certified concurrent abstraction layers. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). 646–661.

Digital Library

[23]

Chris Hawblitzel, Erez Petrank, Shaz Qadeer, and Serdar Tasiran. 2015.

[24]

Automated and modular refinement reasoning for concurrent programs. In Proc. Computer Aided Verification (CAV). 449–465.

[25]

C. B. Jones. 1983. Tentative Steps Toward a Development Method for Interfering Programs. ACM Transactions on Programming Languages and Systems (TOPLAS) 5, 4 (Oct. 1983), 596–619.

Digital Library

[26]

Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris From the Ground Up: A Modular Foundation for Higher-order Concurrent Separation Logic. Journal of Functional Programming 28, e20 (2018).

[27]

Jeehoon Kang, Chung-Kil Hur, Ori Lahav, Viktor Vafeiadis, and Derek Dreyer. 2017. A promising semantics for relaxed-memory concurrency. In Proc. ACM Symposium on Principles of Programming Languages (POPL). 175–189.

Digital Library

[28]

Jieung Kim, Vilhelm Sjöberg, Ronghui Gu, and Zhong Shao. 2017.

[29]

Safety and liveness of MCS lock—layer by layer. In Proc. Asian Symposium on Programming Languages and Systems (APLAS). 273–297.

[30]

Bernhard Kragl and Shaz Qadeer. 2018. Layered concurrent programs. In Proc. International Conference on Computer Aided Verification (CAV). 79–102.

[31]

Robbert Krebbers, Ralf Jung, Ale˘ s Bizjak, Jacques-Henri Jourdan, Derek Dreyer, and Lars Birkedal. 2017. The essence of higher-order concurrent separation logic. In Proc. European Symposium on Programming (ESOP). 696–723.

Digital Library

[32]

Siddharth Krishna, Dennis E. Shasha, and Thomas Wies. 2018. Go With the Flow: Compositional Abstractions for Concurrent Data Structures. Proceedings of the ACM on Programming Languages 2, POPL (Jan. 2018), 37:1–37:31.

Digital Library

[33]

K. Rustan M. Leino. 2010. Dafny: An automatic program verifier for functional correctness. In Proc. Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR). 348–370.

[34]

Hongjin Liang, Xinyu Feng, and Ming Fu. 2012.

[35]

A rely-guaranteebased simulation for verifying concurrent program transformations. In Proc. ACM Symposium on Principles of Programming Languages (POPL). 455–468.

[36]

LibLFDS. 2019.

[37]

LFDS 7.11 queue implementation. https: //github.com/liblfds/liblfds7.1.1/tree/master/liblfds7.1.1/liblfds711/ src/lfds711_queue_bounded_singleproducer_singleconsumer.

[38]

Richard J. Lipton. 1975. Reduction: A Method of Proving Properties of Parallel Programs. Commun. ACM 18, 12 (Dec. 1975), 717–721.

Digital Library

[39]

John M. Mellor-Crummey and Michael L. Scott. 1991. Algorithms for Scalable Synchronization on Shared-Memory Multiprocessors. ACM Transactions on Computer Systems 9, 1 (Feb. 1991), 21–65.

Digital Library

[40]

Maged M. Michael and Michael L. Scott. 2006. Simple, fast, and practical non-blocking and blocking concurrent queue algorithms. In Proc. ACM Symposium on Principles of Distributed Computing (PODC). 267–275.

[41]

Peter W. O’Hearn. 2007. Resources, Concurrency, and Local Reasoning. Theoretical Computer Science 375, 1–3 (2007), 271–307.

Digital Library

[42]

Scott Owens. 2010. Reasoning about the implementation of concurrency abstractions on x86-TSO. In Proc. European Conference on Object-Oriented Programming. 478–503.

[43]

Scott Owens, Susmit Sarkar, and Peter Sewell. 2009.

[44]

A better x86 memory model: x86-TSO. In Proc. Theorem Proving in Higher Order Logics (TPHOLs). 391–407.

[45]

Shaz Qadeer. 2019. Private Communication.

[46]

John Rushby. 1992. Noninterference, Transitivity, and Channel-control Security Policies. Technical Report CSL-92-02, SRI International.

[47]

Norbert Schirmer and Ernie Cohen. 2010. From total store order to sequential consistency: A practical reduction theorem. In Proc. Interactive Theorem Proving (ITP). 403–418.

[48]

Helgi Sigurbjarnarson, Luke Nelson, Bruno Castro-Karney, James Bornholt, Emina Torlak, and Xi Wang. 2018. Nickel: a framework for design and verification of information flow control systems. In Proc. USENIX Symposium on Operating Systems Design and Implementation (OSDI). 287–305.

[49]

Bjarne Steensgaard. 1996. Points-to Analysis in Almost Linear Time. In Proc. ACM Symposium on Principles of Programming Languages (POPL). 32–41.

Digital Library

[50]

Jaroslav Ševčík, Viktor Vafeiadis, Francesco Zappa Nardelli, Suresh Jagannathan, and Peter Sewell. 2011. Relaxed-memory concurrency and verified compilation. In Proc. ACM Symposium on Principles of Programming Languages (POPL). 43–54.

[51]

David A. Wheeler. 2004.

Cited By

Cho MSong YLee DGäher LDreyer D(2023)Stuttering for FreeProceedings of the ACM on Programming Languages10.1145/36228577:OOPSLA2(1677-1704)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622857
Song YCho MLee DHur CSammler MDreyer D(2023)Conditional Contextual RefinementProceedings of the ACM on Programming Languages10.1145/35712327:POPL(1121-1151)Online publication date: 11-Jan-2023
https://dl.acm.org/doi/10.1145/3571232
Meyer ROpaterny AWies TWolff S(2023)nekton: A Linearizability Proof CheckerComputer Aided Verification10.1007/978-3-031-37706-8_9(170-183)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1007/978-3-031-37706-8_9
Show More Cited By

Index Terms

Armada: low-effort verification of high-performance concurrent programs
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software notations and tools
    1. General programming languages
      1. Language types
        Concurrent programming languages

Recommendations

Armada: Automated Verification of Concurrent Code with Sound Semantic Extensibility
Safely writing high-performance concurrent programs is notoriously difficult. To aid developers, we introduce Armada, a language and tool designed to formally verify such programs with relatively little effort. Via a C-like language and a small-step, ...
Specification, Refinement and Verification of Concurrent Systems—An Integration of Object-Z and CSP

This paper presents a method of formally specifying, refining and verifying concurrent systems which uses the object-oriented state-based specification language Object-Z together with the process algebra CSP. Object-Z provides a convenient way of ...
Validating optimizations of concurrent C/C++ programs
CGO '16: Proceedings of the 2016 International Symposium on Code Generation and Optimization

We present a validator for checking the correctness of LLVM compiler optimizations on C11 programs as far as concurrency is concerned. Our validator checks that optimizations do not change memory accesses in ways disallowed by the C11 and/or LLVM ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2020

1174 pages

ISBN:9781450376136

DOI:10.1145/3385412

General Chair:
Alastair F. Donaldson
Imperial College London, UK
,
Program Chair:
Emina Torlak
University of Washington, USA

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Alfred P. Sloan Foundation
Google Faculty Fellowship
National Science Foundation and VMware

Conference

PLDI '20

Sponsor:

SIGPLAN

PLDI '20: 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation

June 15 - 20, 2020

London, UK

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
1,236
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)3

Reflects downloads up to 12 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Cho MSong YLee DGäher LDreyer D(2023)Stuttering for FreeProceedings of the ACM on Programming Languages10.1145/36228577:OOPSLA2(1677-1704)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622857
Song YCho MLee DHur CSammler MDreyer D(2023)Conditional Contextual RefinementProceedings of the ACM on Programming Languages10.1145/35712327:POPL(1121-1151)Online publication date: 11-Jan-2023
https://dl.acm.org/doi/10.1145/3571232
Meyer ROpaterny AWies TWolff S(2023)nekton: A Linearizability Proof CheckerComputer Aided Verification10.1007/978-3-031-37706-8_9(170-183)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1007/978-3-031-37706-8_9
Ho SProtzenko J(2022)Aeneas: Rust verification by functional translationProceedings of the ACM on Programming Languages10.1145/35476476:ICFP(711-741)Online publication date: 31-Aug-2022
https://dl.acm.org/doi/10.1145/3547647
Li YWeirich S(2022)Program adverbs and Tlön embeddingsProceedings of the ACM on Programming Languages10.1145/35476326:ICFP(312-342)Online publication date: 31-Aug-2022
https://dl.acm.org/doi/10.1145/3547632
Lorch JChen YKapritsos MMa HParno BQadeer SSharma UWilcox JZhao X(2022)Armada: Automated Verification of Concurrent Code with Sound Semantic ExtensibilityACM Transactions on Programming Languages and Systems10.1145/350249144:2(1-39)Online publication date: 27-May-2022
https://dl.acm.org/doi/10.1145/3502491
Jhala R(2022)Embedded Domain Specific VerifiersPrinciples of Systems Design10.1007/978-3-031-22337-2_26(535-553)Online publication date: 29-Dec-2022
https://doi.org/10.1007/978-3-031-22337-2_26
Khyzha ALahav O(2022)Abstraction for Crash-Resilient ObjectsProgramming Languages and Systems10.1007/978-3-030-99336-8_10(262-289)Online publication date: 5-Apr-2022
https://dl.acm.org/doi/10.1007/978-3-030-99336-8_10
Müller PShankar N(2021)The First Fifteen Years of the Verified Software ProjectTheories of Programming10.1145/3477355.3477362(93-124)Online publication date: 4-Oct-2021
https://dl.acm.org/doi/10.1145/3477355.3477362
Tao RYao JLi XLi SNieh JGu R(2021)Formal Verification of a Multiprocessor Hypervisor on Arm Relaxed Memory HardwareProceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles10.1145/3477132.3483560(866-881)Online publication date: 26-Oct-2021
https://dl.acm.org/doi/10.1145/3477132.3483560
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents