Verification under Intel-x86 with Persistency
Authors: 
Parosh Abdulla, Mohamed Faouzi Atig, Ahmed Bouajjani, K. Narayan Kumar, Prakash SaivasanAuthors Info & Claims
Parosh Abdulla, Mohamed Faouzi Atig, Ahmed Bouajjani, K. Narayan Kumar, Prakash SaivasanAuthors Info & ClaimsArticle No.: 195, Pages 1189 - 1212
Abstract
The full semantics of the Intel-x86 architecture has been defined by Raad et al in POPL 2022, extending the earlier formalization based on the TSO memory model incorporating persistency. This new semantics involves an intricate combination of the SC, TSO, and PSO models to account for the diverse features of the enlarged instruction set. In this paper we investigate the reachability problem under this semantics, including both its consistency and persistency aspects each of which requires reasoning about unbounded operation reorderings. Our first contribution is to show that reachability under this model can be reduced to reachability under a model without the persistency component. This is achieved by showing that the persistency semantics can be simulated by a finite-state protocol running in parallel with the program. Our second contribution is to prove that reachability under the consistency model of Intel-x86 (even without crashes and persistency) is undecidable. Undecidability is obtained as soon as one thread in the program is allowed to use both TSO variables and two PSO variables. The third contribution is showing that for any fixed bound on the alternation between TSO writes (write-backs), and PSO writes (non-temporal writes), the reachability problem is decidable. This defines a complete parametrized schema for under-approximate analysis that can be used for bug finding.
References
[1]
Parosh Aziz Abdulla. 2010. Well (and better) quasi-ordered transition systems. Bull. Symb. Log., 16, 4 (2010), 457–515. https://doi.org/10.2178/bsl/1294171129
[2]
Parosh Aziz Abdulla, Jatin Arora, Mohamed Faouzi Atig, and Shankara Narayanan Krishna. 2019. Verification of programs under the release-acquire semantics. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2019, Phoenix, AZ, USA, June 22-26, 2019., Kathryn S. McKinley and Kathleen Fisher (Eds.). ACM, 1117–1132. isbn:978-1-4503-6712-7 https://doi.org/10.1145/3314221.3314649
[3]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Ahmed Bouajjani, Egor Derevenetc, Carl Leonardsson, and Roland Meyer. 2020. Safety Verification under Power. In NETYS 2020 (Lecture Notes in Computer Science). Springer.
[4]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Ahmed Bouajjani, K. Narayan Kumar, and Prakash Saivasan. 2021. Deciding reachability under persistent x86-TSO. Proc. ACM Program. Lang., 5, POPL (2021), 1–32. https://doi.org/10.1145/3434337
[5]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Ahmed Bouajjani, K. Narayan Kumar, and Prakash Saivasan. 2022. Verifying Reachability for TSO Programs with Dynamic Thread Creation. In Networked Systems - 10th International Conference, NETYS 2022, Virtual Event, May 17-19, 2022, Proceedings, Mohammed-Amine Koulali and Mira Mezini (Eds.) (Lecture Notes in Computer Science, Vol. 13464). Springer, 283–300. https://doi.org/10.1007/978-3-031-17436-0_19
[6]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Ahmed Bouajjani, and Tuan Phong Ngo. 2016. The Benefits of Duality in Verifying Concurrent Programs under TSO. In CONCUR (LIPIcs, Vol. 59). Schloss Dagstuhl, 5:1–5:15.
[7]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Ahmed Bouajjani, and Tuan Phong Ngo. 2018. A Load-Buffer Semantics for Total Store Ordering. Logical Methods in Computer Science, 14, 1 (2018), https://doi.org/10.23638/LMCS-14(1:9)2018
[8]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Florian Furbach, Adwait Amit Godbole, Yacoub G. Hendi, Shankara Narayanan Krishna, and Stephan Spengler. 2023. Parameterized Verification under TSO with Data Types. In Tools and Algorithms for the Construction and Analysis of Systems - 29th International Conference, TACAS 2023, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022, Paris, France, April 22-27, 2023, Proceedings, Part I, Sriram Sankaranarayanan and Natasha Sharygina (Eds.) (Lecture Notes in Computer Science, Vol. 13993). Springer, 588–606. https://doi.org/10.1007/978-3-031-30823-9_30
[9]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Adwait Godbole, Shankara Narayanan Krishna, and Viktor Vafeiadis. 2021. The Decidability of Verification under PS 2.0. In Programming Languages and Systems - 30th European Symposium on Programming, ESOP 2021, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2021, Luxembourg City, Luxembourg, March 27 - April 1, 2021, Proceedings, Nobuko Yoshida (Ed.) (Lecture Notes in Computer Science, Vol. 12648). Springer, 1–29. https://doi.org/10.1007/978-3-030-72019-3_1
[10]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, Magnus Lång, and Tuan Phong Ngo. 2015. Precise and Sound Automatic Fence Insertion Procedure under PSO. In Networked Systems - Third International Conference, NETYS 2015, Agadir, Morocco, May 13-15, 2015, Revised Selected Papers, Ahmed Bouajjani and Hugues Fauconnier (Eds.) (Lecture Notes in Computer Science, Vol. 9466). Springer, 32–47. https://doi.org/10.1007/978-3-319-26850-7_3
[11]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, and Ngo Tuan Phong. 2015. The Best of Both Worlds: Trading Efficiency and Optimality in Fence Insertion for TSO. In ESOP.
[12]
Parosh Aziz Abdulla, Mohamed Faouzi Atig, and Rojin Rezvan. 2020. Parameterized verification under TSO is PSPACE-complete. PACMPL, 4, POPL (2020).
[13]
Parosh Aziz Abdulla, Karlis Cerans, Bengt Jonsson, and Yih-Kuen Tsay. 1996. General Decidability Theorems for Infinite-State Systems. In Proceedings, 11th Annual IEEE Symposium on Logic in Computer Science, New Brunswick, New Jersey, USA, July 27-30, 1996. IEEE Computer Society, 313–321. isbn:0-8186-7463-6 https://doi.org/10.1109/LICS.1996.561359
[14]
Mohamed Faouzi Atig, Ahmed Bouajjani, Sebastian Burckhardt, and Madanlal Musuvathi. 2010. On the verification problem for weak memory models. In Proceedings of the 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2010, Madrid, Spain, January 17-23, 2010, Manuel V. Hermenegildo and Jens Palsberg (Eds.). ACM, 7–18. isbn:978-1-60558-479-9 https://doi.org/10.1145/1706299.1706303
[15]
Mohamed Faouzi Atig, Ahmed Bouajjani, Sebastian Burckhardt, and Madanlal Musuvathi. 2012. What’s Decidable about Weak Memory Models? In Programming Languages and Systems - 21st European Symposium on Programming, ESOP 2012, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Tallinn, Estonia, March 24 - April 1, 2012. Proceedings, Helmut Seidl (Ed.) (Lecture Notes in Computer Science, Vol. 7211). Springer, 26–46. https://doi.org/10.1007/978-3-642-28869-2_2
[16]
Ahmed Bouajjani, Egor Derevenetc, and Roland Meyer. 2013. Checking and Enforcing Robustness against TSO. In Programming Languages and Systems - 22nd European Symposium on Programming, ESOP 2013, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2013, Rome, Italy, March 16-24, 2013. Proceedings, Matthias Felleisen and Philippa Gardner (Eds.) (Lecture Notes in Computer Science, Vol. 7792). Springer, 533–553. isbn:978-3-642-37035-9 https://doi.org/10.1007/978-3-642-37036-6_29
[17]
Ahmed Bouajjani, Roland Meyer, and Eike Möhlmann. 2011. Deciding Robustness against Total Store Ordering. In Automata, Languages and Programming - 38th International Colloquium, ICALP 2011, Zurich, Switzerland, July 4-8, 2011, Proceedings, Part II, Luca Aceto, Monika Henzinger, and Jirí Sgall (Eds.) (Lecture Notes in Computer Science, Vol. 6756). Springer, 428–440. https://doi.org/10.1007/978-3-642-22012-8_34
[18]
Egor Derevenetc and Roland Meyer. 2014. Robustness against Power is PSpace-complete. In Automata, Languages, and Programming - 41st International Colloquium, ICALP 2014, Copenhagen, Denmark, July 8-11, 2014, Proceedings, Part II, Javier Esparza, Pierre Fraigniaud, Thore Husfeldt, and Elias Koutsoupias (Eds.) (Lecture Notes in Computer Science, Vol. 8573). Springer, 158–170. https://doi.org/10.1007/978-3-662-43951-7_14
[19]
Michael Emmi, Shaz Qadeer, and Zvonimir Rakamaric. 2011. Delay-bounded scheduling. In Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, Austin, TX, USA, January 26-28, 2011, Thomas Ball and Mooly Sagiv (Eds.). ACM, 411–422. https://doi.org/10.1145/1926385.1926432
[20]
Alain Finkel and Philippe Schnoebelen. 2001. Well-structured transition systems everywhere!. Theor. Comput. Sci., 256, 1-2 (2001), 63–92. https://doi.org/10.1016/S0304-3975(00)00102-X
[21]
Artem Khyzha and Ori Lahav. 2021. Taming x86-TSO persistency. Proc. ACM Program. Lang., 5, POPL (2021), 1–29. https://doi.org/10.1145/3434328
[22]
Shankaranarayanan Krishna, Adwait Godbole, Roland Meyer, and Soham Chakraborty. 2022. Parameterized Verification under Release Acquire is PSPACE-complete. In PODC ’22: ACM Symposium on Principles of Distributed Computing, Salerno, Italy, July 25 - 29, 2022, Alessia Milani and Philipp Woelfel (Eds.). ACM, 482–492. https://doi.org/10.1145/3519270.3538445
[23]
Ori Lahav and Udi Boker. 2020. Decidable verification under a causally consistent shared memory. In Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation, PLDI 2020, London, UK, June 15-20, 2020, Alastair F. Donaldson and Emina Torlak (Eds.). ACM, 211–226. https://doi.org/10.1145/3385412.3385966
[24]
Ori Lahav and Udi Boker. 2022. What’s Decidable About Causally Consistent Shared Memory? ACM Trans. Program. Lang. Syst., 44, 2 (2022), 8:1–8:55. https://doi.org/10.1145/3505273
[25]
Ori Lahav and Roy Margalit. 2019. Robustness against release/acquire semantics. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2019, Phoenix, AZ, USA, June 22-26, 2019, Kathryn S. McKinley and Kathleen Fisher (Eds.). ACM, 126–141. https://doi.org/10.1145/3314221.3314604
[26]
Roy Margalit and Ori Lahav. 2021. Verifying observational robustness against a c11-style memory model. Proc. ACM Program. Lang., 5, POPL (2021), 1–33. https://doi.org/10.1145/3434285
[27]
Emil L. Post. 1946. A variant of a recursively unsolvable problem. Bull. Amer. Math. Soc., 52 (1946), 264–268.
[28]
Shaz Qadeer and Jakob Rehof. 2005. Context-Bounded Model Checking of Concurrent Software. In Tools and Algorithms for the Construction and Analysis of Systems, 11th International Conference, TACAS 2005, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2005, Edinburgh, UK, April 4-8, 2005, Proceedings, Nicolas Halbwachs and Lenore D. Zuck (Eds.) (Lecture Notes in Computer Science, Vol. 3440). Springer, 93–107. https://doi.org/10.1007/978-3-540-31980-1_7
[29]
Azalea Raad, Luc Maranget, and Viktor Vafeiadis. 2022. Extending Intel-x86 consistency and persistency: formalising the semantics of Intel-x86 memory types and non-temporal stores. Proc. ACM Program. Lang., 6, POPL (2022), 1–31. https://doi.org/10.1145/3498683
[30]
Azalea Raad, John Wickerson, Gil Neiger, and Viktor Vafeiadis. 2020. Persistency semantics of the Intel-x86 architecture. Proc. ACM Program. Lang., 4, POPL (2020), 11:1–11:31. https://doi.org/10.1145/3371079
Index Terms
- Verification under Intel-x86 with Persistency
Recommendations
Deciding reachability under persistent x86-TSO
We address the problem of verifying the reachability problem in programs running under the formal model Px86 defined recently by Raad et al. in POPL'20 for the persistent Intel x86 architecture. We prove that this problem is decidable. To achieve that, ...
Language-level persistency
ISCA'17The commercial release of byte-addressable persistent memories, such as Intel/Micron 3D XPoint memory, is imminent. Ongoing research has sought mechanisms to allow programmers to implement recoverable data structures in these new main memories. Ensuring ...
Persistency semantics of the Intel-x86 architecture
Emerging non-volatile memory (NVM) technologies promise the durability of disks with the performance of RAM. To describe the persistency guarantees of NVM, several memory persistency models have been proposed in the literature. However, the persistency ...
Comments
Information & Contributors
Information
Published In
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 20 June 2024
Published in PACMPL Volume 8, Issue PLDI
Check for updates
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 303Total Downloads
- Downloads (Last 12 months)303
- Downloads (Last 6 weeks)49
Reflects downloads up to 12 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in