Leaf: Modularity for Temporary Sharing in Separation Logic
Article No.: 223, Pages 31 - 58
Abstract
In concurrent verification, separation logic provides a strong story for handling both resources that are owned exclusively and resources that are shared persistently (i.e., forever). However, the situation is more complicated for temporarily shared state, where state might be shared and then later reclaimed as exclusive. We believe that a framework for temporarily-shared state should meet two key goals not adequately met by existing techniques. One, it should allow and encourage users to verify new sharing strategies. Two, it should provide an abstraction where users manipulate shared state in a way agnostic to the means with which it is shared.
We present Leaf, a library in the Iris separation logic which accomplishes both of these goals by introducing a novel operator, which we call guarding, that allows one proposition to represent a shared version of another. We demonstrate that Leaf meets these two goals through a modular case study: we verify a reader-writer lock that supports shared state, and a hash table built on top of it that uses shared state.
References
[1]
Aleš Bizjak and Lars Birkedal. 2018. On Models of Higher-Order Separation Logic. Electronic Notes in Theoretical Computer Science, 336 (2018), 57–78. issn:1571-0661 https://doi.org/10.1016/j.entcs.2018.03.016 The Thirty-third Conference on the Mathematical Foundations of Programming Semantics (MFPS XXXIII)
[2]
Richard Bornat, Peter O’Hearn, and Matthew Parkinson. 2005. Permission Accounting In Separation Logic. Sigplan Notices - SIGPLAN, 40, 259–270. https://doi.org/10.1145/1047659.1040327
[3]
John Boyland. 2003. Checking Interference with Fractional Permissions. SAS, 55–72. isbn:978-3-540-40325-8 https://doi.org/10.1007/3-540-44898-5_4
[4]
Irina Calciu, David Dice, Yossi Lev, Victor Luchangco, Virendra Marathe, and Nir Shavit. 2013. NUMA-Aware Reader-Writer Locks. ACM SIGPLAN Notices, 48, https://doi.org/10.1145/2442516.2442532
[5]
Irina Calciu, Siddhartha Sen, Mahesh Balakrishnan, and Marcos K. Aguilera. 2017. Black-box Concurrent Data Structures for NUMA Architectures. In Proceedings of the ACM Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). 15 pages. isbn:978-1-4503-4465-4 https://doi.org/10.1145/3037697.3037721
[6]
Arthur Charguéraud and François Pottier. 2017. Temporary Read-Only Permissions for Separation Logic. In Programming Languages and Systems, Hongseok Yang (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg. 260–286. isbn:978-3-662-54434-1 https://doi.org/10.1007/978-3-662-54434-1_10
[7]
E. Clausen. 2017. Verifying Hash Tables in Iris.
[8]
Hoang-Hai Dang, Jacques-Henri Jourdan, Jan-Oliver Kaiser, and Derek Dreyer. 2020. RustBelt Meets Relaxed Memory. Proc. ACM Program. Lang., 4, POPL (2020), 34:1–34:29. https://doi.org/10.1145/3371102
[9]
Dave Dice and Alex Kogan. 2019. BRAVO: Biased Locking for Reader-Writer Locks. In Proceedings of the 2019 USENIX Conference on Usenix Annual Technical Conference (USENIX ATC ’19). USENIX Association, USA. 315–328. isbn:9781939133038
[10]
Thomas Dinsdale-Young, Lars Birkedal, Philippa Gardner, Matthew Parkinson, and Hongseok Yang. 2013. Views: Compositional Reasoning for Concurrent Programs. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’13). Association for Computing Machinery, New York, NY, USA. 287–300. isbn:9781450318327 https://doi.org/10.1145/2429069.2429104
[11]
Thomas Dinsdale-Young, Mike Dodds, Philippa Gardner, Matthew J. Parkinson, and Viktor Vafeiadis. 2010. Concurrent Abstract Predicates. In ECOOP 2010 – Object-Oriented Programming, Theo D’Hondt (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg. 504–528. isbn:978-3-642-14107-2 https://doi.org/10.1007/978-3-642-14107-2_24
[12]
Robert Dockins, Aquinas Hobor, and Andrew W. Appel. 2009. A Fresh Look at Separation Algebras and Share Accounting. In Proceedings of the Asian Symposium on Programming Languages and Systems (APLAS). https://doi.org/10.1007/978-3-642-10672-9_13
[13]
Rachid Guerraoui, Hugo Guiroux, Renaud Lachaize, Vivien Quéma, and Vasileios Trigonakis. 2019. Lock–Unlock: Is That All? A Pragmatic Analysis of Locking in Software Systems. ACM Trans. Comput. Syst., 36, 1 (2019), Article 1, March, 149 pages. issn:0734-2071 https://doi.org/10.1145/3301501
[14]
Travis Hance, Jon Howell, Oded Padon, and Bryan Parno. 2023. Leaf: Modularity for Temporary Sharing in Separation Logic (Artifact). https://doi.org/10.5281/zenodo.8327489
[15]
Travis Hance, Jon Howell, Oded Padon, and Bryan Parno. 2023. Leaf: Modularity for Temporary Sharing in Separation Logic (Extended Version). https://doi.org/10.48550/arXiv.2309.04851
[16]
Travis Hance, Yi Zhou, Andrea Lattuada, Reto Achermann, Alex Conway, Ryan Stutsman, Gerd Zellweger, Chris Hawblitzel, Jon Howell, and Bryan Parno. 2023. Sharding the State Machine: Automated Modular Reasoning for Complex Concurrent Systems. In 17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023, Boston, MA, USA, July 10-12, 2023, Roxana Geambasu and Ed Nightingale (Eds.). USENIX Association, 911–929. https://www.usenix.org/conference/osdi23/presentation/hance
[17]
Son Ho and Jonathan Protzenko. 2022. Aeneas: Rust Verification by Functional Translation. Proc. ACM Program. Lang., 6, ICFP (2022), Article 116, aug, 31 pages. https://doi.org/10.1145/3547647
[18]
W.C. Hsieh and W.E. Weihl. 1992. Scalable Reader-Writer Locks For Parallel Systems. In Proceedings Sixth International Parallel Processing Symposium. 656–659. https://doi.org/10.1109/IPPS.1992.222989
[19]
Jonas Braband Jensen and Lars Birkedal. 2012. Fictional Separation Logic. In Programming Languages and Systems, Helmut Seidl (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg. 377–396. isbn:978-3-642-28869-2 https://doi.org/10.1007/978-3-642-28869-2_19
[20]
Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2017. RustBelt: Securing the Foundations of the Rust Programming Language. Proceedings of the ACM on Programming Languages, 2 (2017), 12, 1–34. https://doi.org/10.1145/3158154
[21]
Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-Order Ghost State. In Proceedings of the ACM SIGPLAN International Conference on Functional Programming (ICFP). 256–269. https://doi.org/10.1145/2951913.2951943
[22]
Ralf Jung, R. Krebbers, Jacques-Henri Jourdan, A. Bizjak, L. Birkedal, and Derek Dreyer. 2018. Iris From The Ground Up: A Modular Foundation For Higher-Order Concurrent Separation Logic. Journal of Functional Programming, 28 (2018), https://doi.org/10.1017/S0956796818000151
[23]
Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’15). Association for Computing Machinery, New York, NY, USA. 637–650. isbn:9781450333009 https://doi.org/10.1145/2676726.2676980
[24]
Sanidhya Kashyap, Changwoo Min, and Taesoo Kim. 2017. Scalable NUMA-Aware Blocking Synchronization Primitives. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC ’17). USENIX Association, USA. 603–615. isbn:9781931971386
[25]
Donald E. Knuth. 1998. The Art of Computer Programming, Volume 3: (2nd Ed.) Sorting and Searching. Addison Wesley Longman Publishing Co., Inc., USA. isbn:0201896850
[26]
Robbert Krebbers, Ralf Jung, Aleš Bizjak, Jacques-Henri Jourdan, Derek Dreyer, and Lars Birkedal. 2017. The Essence of Higher-Order Concurrent Separation Logic. In Proceedings of the 26th European Symposium on Programming Languages and Systems - Volume 10201. Springer-Verlag, Berlin, Heidelberg. 696–723. isbn:9783662544334 https://doi.org/10.1007/978-3-662-54434-1_26
[27]
Neelakantan Krishnaswami, Aaron Turon, Derek Dreyer, and Deepak Garg. 2012. Superficially Substructural Types. ACM SIGPLAN Notices, 47, 41–54. https://doi.org/10.1145/2364527.2364536
[28]
Ruy Ley-Wild and Aleksandar Nanevski. 2013. Subjective Auxiliary State for Coarse-Grained Concurrency. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’13). Association for Computing Machinery, New York, NY, USA. 561–574. isbn:9781450318327 https://doi.org/10.1145/2429069.2429134
[29]
Ran Liu, Heng Zhang, and Haibo Chen. 2014. Scalable Read-Mostly Synchronization Using Passive Reader-Writer Locks. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC’14). USENIX Association, USA. 219–230. isbn:9781931971102
[30]
Aleksandar Nanevski, Ruy Ley-Wild, Ilya Sergey, and Germán Andrés Delbianco. 2014. Communicating State Transition Systems for Fine-Grained Concurrent Resources. In Proceedings of the 23rd European Symposium on Programming Languages and Systems - Volume 8410. Springer-Verlag, Berlin, Heidelberg. 290–310. isbn:9783642548321 https://doi.org/10.1007/978-3-642-54833-8_16
[31]
Peter W. O’Hearn. 2007. Resources, Concurrency, and Local Reasoning. Theor. Comput. Sci., 375, 1–3 (2007), April, 271–307. issn:0304-3975 https://doi.org/10.1016/j.tcs.2006.12.035
[32]
Matthew Parkinson. 2005. Local Reasoning for Java. Ph. D. Dissertation. University of Cambridge.
[33]
Nadia Polikarpova, Julian Tschannen, and Carlo Furia. 2017. A Fully Verified Container Library. Formal Aspects of Computing, 30 (2017), 09, 1–29. https://doi.org/10.1007/s00165-017-0435-1
[34]
François Pottier. 2017. Verifying a Hash Table and Its Iterators in Higher-Order Separation Logic. In Proceedings of the 6th ACM SIGPLAN Conference on Certified Programs and Proofs (CPP 2017). Association for Computing Machinery, New York, NY, USA. 3–16. isbn:9781450347051 https://doi.org/10.1145/3018610.3018624
[35]
John Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. IEEE Computer Society, 55–74. https://doi.org/10.1109/LICS.2002.1029817
[36]
John C. Reynolds. 2008. An Introduction to Separation Logic. https://www.cs.cmu.edu/~jcr/copenhagen08.pdf Accessed: 2022-11-08
[37]
Jun Shirako, Nick Vrvilo, Eric G. Mercer, and Vivek Sarkar. 2012. Design, Verification and Applications of a New Read-Write Lock Algorithm. In Proceedings of the Twenty-Fourth Annual ACM Symposium on Parallelism in Algorithms and Architectures (SPAA ’12). Association for Computing Machinery, New York, NY, USA. 48–57. isbn:9781450312134 https://doi.org/10.1145/2312005.2312015
[38]
Kasper Svendsen and Lars Birkedal. 2014. Impredicative Concurrent Abstract Predicates. In Programming Languages and Systems, Zhong Shao (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg. 149–168. isbn:978-3-642-54833-8 https://doi.org/10.1007/978-3-642-54833-8_9
[39]
The cppreference Team. 2011. std::lock_guard. https://en.cppreference.com/w/cpp/thread/lock_guard Accessed: 2022-11-08
[40]
The Rust Team. 2014. Struct std::sync::RwLockReadGuard. https://doc.rust-lang.org/std/sync/struct.RwLockReadGuard.html Accessed: 2022-11-08
Index Terms
- Leaf: Modularity for Temporary Sharing in Separation Logic
Recommendations
Polynomial differential‐based strong (n, t, n)‐verifiable secret sharing
Basic secret sharing schemes assume that the dealer who divides the secret and distributes shares to participants is a mutually trusted party. The basic idea of free dealer secret sharing (SS) is that each participants acts as a dealer to choose the ...
Scalable reader-writer locks
SPAA '09: Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architecturesWe present three new reader-writer lock algorithms that scale under high read-only contention. Many previous reader-writer locks suffer significant degradation when many readers attempt to acquire the lock concurrently, even though they are all allowed ...
Consistency Analysis for Secure Reconstruction in Secret Image Sharing
MoMM 2015: Proceedings of the 13th International Conference on Advances in Mobile Computing and MultimediaSecret sharing is a scheme to distribute a secret message s into n participants, thus t or more participants can reconstruct the secret message s. While less than t shares can know nothing about the secret, the problem arises when there are more than t ...
Comments
Information & Contributors
Information
Published In
October 2023
2250 pages
Copyright © 2023 Owner/Author.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 16 October 2023
Published in PACMPL Volume 7, Issue OOPSLA2
Check for updates
Badges
Author Tags
Qualifiers
- Research-article
Funding Sources
- NSF/VMware Partnership on Software Defined Infrastructure as a Foundation for Clean-Slate Computing Security (SDI-CSCS)
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 260Total Downloads
- Downloads (Last 12 months)260
- Downloads (Last 6 weeks)38
Reflects downloads up to 12 Sep 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in