research-article

GPS: navigating weak memory with ghosts, protocols, and separation

Authors:

Viktor Vafeiadis, and

Derek DreyerAuthors Info & Claims

ACM SIGPLAN Notices, Volume 49, Issue 10

Pages 691 - 707

https://doi.org/10.1145/2714064.2660243

Published: 15 October 2014 Publication History

Abstract

Weak memory models formalize the inconsistent behaviors that one can expect to observe in multithreaded programs running on modern hardware. In so doing, however, they complicate the already-difficult task of reasoning about correctness of concurrent code. Worse, they render impotent the sophisticated formal methods that have been developed to tame concurrency, which almost universally assume a strong (i.e. sequentially consistent) memory model.

This paper introduces GPS, the first program logic to provide a full-fledged suite of modern verification techniques - including ghost state, protocols, and separation logic - for high-level, structured reasoning about weak memory. We demonstrate the effectiveness of GPS by applying it to challenging examples drawn from the Linux kernel as well as lock-free data structures. We also define the semantics of GPS and prove in Coq that it is sound with respect to the axiomatic C11 weak memory model.

Supplementary Material

TXT File (oopsla186.5.txt)

Instructions

Download
3.57 KB

ZIP File (oopsla186.5.zip)

See oopsla186.5.text for info

Download
791.21 KB

References

[1]

Appendix and Coq development for this paper available at the following URL: http://plv.mpi-sws.org/gps/.

[2]

J. Alglave, D. Kroening, V. Nimal, and M. Tautschnig. Software verification for weak memory via program transformation. In ESOP, 2013.

Digital Library

[3]

M. Batty, S. Owens, S. Sarkar, P. Sewell, and T. Weber. Mathematizing C++ concurrency. In POPL, 2011.

Digital Library

[4]

M. Batty, K. Memarian, S. Owens, S. Sarkar, and P. Sewell. Clarifying and compiling C/C++ concurrency: From C++11 to POWER. In POPL, 2012.

Digital Library

[5]

M. Batty, M. Dodds, and A. Gotsman. Library abstraction for C/C++ concurrency. In POPL, 2013.

Digital Library

[6]

H.-J. Boehm and S. V. Adve. Foundations of the C++ concurrency memory model. In PLDI, 2008.

Digital Library

[7]

M. Bugliesi, S. Calzavara, F. Eigner, and M. Maffei. Logical foundations of secure resource management in protocol implementations. In POST, 2013.

Digital Library

[8]

E. Cohen and B. Schirmer. From total store order to sequential consistency: A practical reduction theorem. In ITP, 2010.

Digital Library

[9]

E. Cohen, M. Dahlweid, M. A. Hillebrand, D. Leinenbach, M. Moskal, T. Santen, W. Schulte, and S. Tobies. VCC: A practical system for verifying concurrent C. In TPHOLs, 2009.

Digital Library

[10]

J. Corbet. Ticket spinlocks, 2008. http://lwn.net/Articles/267968/.

[11]

P. da Rocha Pinto, T. Dinsdale-Young, and P. Gardner. TaDA: A logic for time and data abstraction. In ECOOP, 2014.

Digital Library

[12]

E. W. Dijkstra. EWD123: Cooperating Sequential Processes. Technical report, 1965.

Digital Library

[13]

T. Dinsdale-Young, M. Dodds, P. Gardner, M. Parkinson, and V. Vafeiadis. Concurrent abstract predicates. In ECOOP 2010, volume 6183 of LNCS, pages 504--528. Springer, 2010.

Digital Library

[14]

T. Dinsdale-Young, L. Birkedal, P. Gardner, M. J. Parkinson, and H. Yang. Views: Compositional reasoning for concurrent programs. In POPL, 2013.

Digital Library

[15]

X. Feng. Local rely-guarantee reasoning. In POPL, 2009.

Digital Library

[16]

R. Ferreira, X. Feng, and Z. Shao. Parameterized memory models and concurrent separation logic. In ESOP, 2010.

Digital Library

[17]

C. Flanagan, A. Sabry, B. F. Duba, and M. Felleisen. The essence of compiling with continuations. In PLDI, 1993.

Digital Library

[18]

D. Howells and P. E. McKenney. Circular buffers. https://www.kernel.org/doc/Documentation/circular-buffers.txt.

[19]

ISO/IEC 14882:2011. Programming language C++, 2011.

[20]

ISO/IEC 9899:2011. Programming language C, 2011.

[21]

J. Jensen and L. Birkedal. Fictional separation logic. In ESOP, 2012.

Digital Library

[22]

C. B. Jones. Tentative steps toward a development method for interfering programs. TOPLAS, 5 (4): 596--619, 1983.

Digital Library

[23]

K. R. M. Leino, P. Müller, and J. Smans. Verification of concurrent programs with Chalice. In Foundations of Security Analysis and Design V, volume 5705 of LNCS. 2009.

Digital Library

[24]

R. Ley-Wild and A. Nanevski. Subjective auxiliary state for coarse-grained concurrency. In POPL, 2013.

Digital Library

[25]

J. Manson, W. Pugh, and S. V. Adve. The Java memory model. In POPL, 2005.

Digital Library

[26]

P. McKenney. Exploiting deferred destruction: an analysis of read-copy-update techniques in operating system kernels. PhD thesis, Oregon Graduate Institute, 2004.

Digital Library

[27]

M. M. Michael and M. L. Scott. Nonblocking algorithms and preemption-safe locking on multiprogrammed shared memory multiprocessors. JPDC, 51 (1): 1--26, 1998.

Digital Library

[28]

A. Nanevski, R. Ley-Wild, I. Sergey, and G. A. Delbianco. Communicating state transition systems for fine-grained concurrent resources. In ESOP, 2014.

Digital Library

[29]

P. O'Hearn. Resources, concurrency, and local reasoning. Theoretical Computer Science, 375 (1): 271--307, 2007.

Digital Library

[30]

S. Owens. Reasoning about the implementation of concurrency abstractions on x86-TSO. In ECOOP, 2010.

Digital Library

[31]

S. Owens, S. Sarkar, and P. Sewell. A better x86 memory model: x86-TSO. In TPHOLs, 2009.

Digital Library

[32]

T. Ridge. A rely-guarantee proof system for x86-TSO. In VSTTE, 2010.

Digital Library

[33]

V. A. Saraswat, R. Jagadeesan, M. Michael, and C. von Praun. A theory of memory models. In PPoPP, 2007.

Digital Library

[34]

A. Singh, S. Narayanasamy, D. Marino, T. Millstein, and M. Musuvathi. End-to-end sequential consistency. In ISCA, 2012.

Digital Library

[35]

K. Svendsen and L. Birkedal. Impredicative concurrent abstract predicates. In ESOP, 2014.

Digital Library

[36]

A. Turon, D. Dreyer, and L. Birkedal. Unifying refinement and Hoare-style reasoning in a logic for higher-order concurrency. In ICFP, 2013.

Digital Library

[37]

V. Vafeiadis and C. Narayan. Relaxed separation logic: A program logic for C11 concurrency. In OOPSLA, 2013.

Digital Library

[38]

V. Vafeiadis and M. Parkinson. A marriage of rely/guarantee and separation logic. In CONCUR, 2007.

Digital Library

[39]

I. Wehrman and J. Berdine. A proposal for weak-memory local reasoning. In LOLA, 2011.

[40]

M. Dodds, X. Feng, M. Parkinson, and V. Vafeiadis. Deny-guarantee reasoning. In ESOP, 2009.

Digital Library

Cited By

Wolf FSchwerhoff MMüller P(2023)Concise outlines for a complex logic: a proof outline checker for TaDAFormal Methods in System Design10.1007/s10703-023-00427-w61:1(110-136)Online publication date: 31-Jul-2023
https://doi.org/10.1007/s10703-023-00427-w
Colvin R(2023)A Fine-Grained Semantics for Arrays and Pointers Under Weak Memory ModelsFormal Methods10.1007/978-3-031-27481-7_18(301-320)Online publication date: 6-Mar-2023
https://dl.acm.org/doi/10.1007/978-3-031-27481-7_18
Raad AMaranget LVafeiadis V(2022)Extending Intel-x86 consistency and persistency: formalising the semantics of Intel-x86 memory types and non-temporal storesProceedings of the ACM on Programming Languages10.1145/34986836:POPL(1-31)Online publication date: 12-Jan-2022
https://dl.acm.org/doi/10.1145/3498683
Show More Cited By

Index Terms

GPS: navigating weak memory with ghosts, protocols, and separation
1. Software and its engineering
  1. Software notations and tools
    1. Formal language definitions
2. Theory of computation

Recommendations

GPS: navigating weak memory with ghosts, protocols, and separation
OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications

Weak memory models formalize the inconsistent behaviors that one can expect to observe in multithreaded programs running on modern hardware. In so doing, however, they complicate the already-difficult task of reasoning about correctness of concurrent ...
Read More
Verifying read-copy-update in a logic for weak memory
PLDI '15

Read-Copy-Update (RCU) is a technique for letting multiple readers safely access a data structure while a writer concurrently modifies it. It is used heavily in the Linux kernel in situations where fast reads are important and writes are infrequent. ...
Read More
Verifying read-copy-update in a logic for weak memory
PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation

Read-Copy-Update (RCU) is a technique for letting multiple readers safely access a data structure while a writer concurrently modifies it. It is used heavily in the Linux kernel in situations where fast reads are important and writes are infrequent. ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 49, Issue 10

OOPSLA '14

October 2014

907 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/2714064

Editor:
Andy Gill
University of Kansas, Lawrence, KS

Issue’s Table of Contents

OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications
October 2014
946 pages
ISBN:9781450325851
DOI:10.1145/2660193
General Chair:
Andrew Black
Portland State University, USA
,
Program Chair:
Todd Millstein
University of California, Los Angeles, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 October 2014

Published in SIGPLAN Volume 49, Issue 10

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Seventh Framework Programme

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

99
Total Citations
View Citations
312
Total Downloads

Downloads (Last 12 months)22
Downloads (Last 6 weeks)2

Other Metrics

View Author Metrics

Citations

Cited By

Wolf FSchwerhoff MMüller P(2023)Concise outlines for a complex logic: a proof outline checker for TaDAFormal Methods in System Design10.1007/s10703-023-00427-w61:1(110-136)Online publication date: 31-Jul-2023
https://doi.org/10.1007/s10703-023-00427-w
Colvin R(2023)A Fine-Grained Semantics for Arrays and Pointers Under Weak Memory ModelsFormal Methods10.1007/978-3-031-27481-7_18(301-320)Online publication date: 6-Mar-2023
https://dl.acm.org/doi/10.1007/978-3-031-27481-7_18
Raad AMaranget LVafeiadis V(2022)Extending Intel-x86 consistency and persistency: formalising the semantics of Intel-x86 memory types and non-temporal storesProceedings of the ACM on Programming Languages10.1145/34986836:POPL(1-31)Online publication date: 12-Jan-2022
https://dl.acm.org/doi/10.1145/3498683
Carbonneaux QZilberstein NKlee CO'Hearn PZappa Nardelli FPopescu AZdancewic S(2022)Applying formal verification to microkernel IPC at metaProceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3497775.3503681(116-129)Online publication date: 17-Jan-2022
https://dl.acm.org/doi/10.1145/3497775.3503681
Mével GJourdan J(2021)Formal verification of a concurrent bounded queue in a weak memory modelProceedings of the ACM on Programming Languages10.1145/34735715:ICFP(1-29)Online publication date: 19-Aug-2021
https://dl.acm.org/doi/10.1145/3473571
Dalvandi SDongol BDoherty SWehrheim H(2021)Integrating Owicki–Gries for C11-Style Memory Models into Isabelle/HOLJournal of Automated Reasoning10.1007/s10817-021-09610-266:1(141-171)Online publication date: 16-Nov-2021
https://doi.org/10.1007/s10817-021-09610-2
Wolf FSchwerhoff MMüller P(2021)Concise Outlines for a Complex Logic: A Proof Outline Checker for TaDAFormal Methods10.1007/978-3-030-90870-6_22(407-426)Online publication date: 10-Nov-2021
https://doi.org/10.1007/978-3-030-90870-6_22
Summers AMüller P(2020)Automating deductive verification for weak-memory programs (extended version)International Journal on Software Tools for Technology Transfer10.1007/s10009-020-00559-yOnline publication date: 6-Mar-2020
https://doi.org/10.1007/s10009-020-00559-y
Panchekha PErnst MTatlock ZKamil S(2019)Modular verification of web page layoutProceedings of the ACM on Programming Languages10.1145/33605773:OOPSLA(1-26)Online publication date: 10-Oct-2019
https://dl.acm.org/doi/10.1145/3360577
Hähnle RHuisman M(2019)Deductive Software Verification: From Pen-and-Paper Proofs to Industrial ToolsComputing and Software Science10.1007/978-3-319-91908-9_18(345-373)Online publication date: 2019
https://doi.org/10.1007/978-3-319-91908-9_18
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents