Abstract
Concurrent libraries are the building blocks for concurrency. They encompass a range of abstractions (locks, exchangers, stacks, queues, sets) built in a layered fashion: more advanced libraries are built out of simpler ones. While there has been a lot of work on verifying such libraries in a sequentially consistent (SC) environment, little is known about how to specify and verify them under weak memory consistency (WMC).
We propose a general declarative framework that allows us to specify concurrent libraries declaratively, and to verify library implementations against their specifications compositionally. Our framework is sufficient to encode standard models such as SC, (R)C11 and TSO. Additionally, we specify several concurrent libraries, including mutual exclusion locks, reader-writer locks, exchangers, queues, stacks and sets. We then use our framework to verify multiple weakly consistent implementations of locks, exchangers, queues and stacks.
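The abstract mentions that a declarative framework can encode standard models such as SC and TSO. The following Python script is an added illustration of what "declarative" means in that setting; it is not the paper's framework or code. It represents an execution as a graph of events with program order (po), reads-from (rf) and modification order (mo), derives from-read (fr), and states each model as an acyclicity condition over those relations: SC in Lamport's sense is acyclicity of po ∪ rf ∪ mo ∪ fr, and TSO uses the standard "herding cats" style formulation (SC-per-location plus acyclicity of a global happens-before order in which a write is not ordered before a later read of a different location unless a fence separates them). The `Event` class, the litmus-test executions and their outcomes are constructed here for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations

# Hypothetical minimal execution-graph representation (constructed for this example).
@dataclass(frozen=True)
class Event:
    eid: str
    tid: int        # thread id; 0 marks the initialising writes
    kind: str       # 'W' (write), 'R' (read) or 'F' (full fence)
    loc: str = ''   # memory location; '' for fences
    val: int = 0

def is_mem(e):
    return e.kind in ('W', 'R')

def program_order(events):
    """po: every pair of events of the same real thread, in listed order (transitive)."""
    by_tid = defaultdict(list)
    for e in events:
        if e.tid != 0:
            by_tid[e.tid].append(e)
    return {(a, b) for es in by_tid.values() for a, b in combinations(es, 2)}

def modification_order(mo_lists):
    """mo: per-location total order of writes, given as ordered lists of write events."""
    return {(a, b) for ws in mo_lists for a, b in combinations(ws, 2)}

def from_read(rf, mo):
    """fr = rf^-1 ; mo : a read precedes every write that is mo-later than the one it read."""
    return {(r, w2) for (w, r) in rf for (w1, w2) in mo if w1 == w}

def acyclic(edges):
    """Depth-first cycle detection over a set of (src, dst) pairs."""
    succ = defaultdict(set)
    for a, b in edges:
        succ[a].add(b)
    state = {}  # node -> 'visiting' | 'done'
    def visit(n):
        if state.get(n) == 'done':
            return True
        if state.get(n) == 'visiting':
            return False          # back edge: a cycle
        state[n] = 'visiting'
        ok = all(visit(m) for m in succ[n])
        state[n] = 'done'
        return ok
    return all(visit(n) for n in list(succ))

def sc_consistent(events, rf, mo):
    """SC: the execution is consistent iff po ∪ rf ∪ mo ∪ fr is acyclic."""
    return acyclic(program_order(events) | rf | mo | from_read(rf, mo))

def tso_consistent(events, rf, mo):
    """TSO, 'herding cats' style: SC-per-location (uniproc) plus an acyclic global
    happens-before built from ppo (po minus write-to-read pairs), fence-ordered pairs,
    external reads-from (a thread's own buffered writes are not globally ordered), mo and fr."""
    po = program_order(events)
    fr = from_read(rf, mo)
    fence_events = [e for e in events if e.kind == 'F']
    mem_po = {(a, b) for a, b in po if is_mem(a) and is_mem(b)}
    po_loc = {(a, b) for a, b in mem_po if a.loc == b.loc}
    ppo = {(a, b) for a, b in mem_po if not (a.kind == 'W' and b.kind == 'R')}
    fences = {(a, b) for a, b in mem_po
              if any((a, f) in po and (f, b) in po for f in fence_events)}
    rfe = {(w, r) for w, r in rf if w.tid != r.tid}
    uniproc = acyclic(po_loc | rf | mo | fr)
    return uniproc and acyclic(ppo | fences | rfe | mo | fr)

def store_buffering(fenced=False):
    """Constructed SB execution with the weak outcome r1 = r2 = 0:
       T1: x := 1; [fence;] r1 := y      T2: y := 1; [fence;] r2 := x"""
    ix, iy = Event('ix', 0, 'W', 'x', 0), Event('iy', 0, 'W', 'y', 0)
    a, b = Event('a', 1, 'W', 'x', 1), Event('b', 1, 'R', 'y', 0)
    c, d = Event('c', 2, 'W', 'y', 1), Event('d', 2, 'R', 'x', 0)
    f1 = [Event('f1', 1, 'F')] if fenced else []
    f2 = [Event('f2', 2, 'F')] if fenced else []
    events = [ix, iy, a] + f1 + [b, c] + f2 + [d]
    rf = {(iy, b), (ix, d)}                 # both reads see the initial values
    mo = modification_order([[ix, a], [iy, c]])
    return events, rf, mo

def message_passing():
    """Constructed MP execution with the outcome r1 = 1, r2 = 0:
       T1: x := 1; y := 1      T2: r1 := y; r2 := x"""
    ix, iy = Event('ix', 0, 'W', 'x', 0), Event('iy', 0, 'W', 'y', 0)
    a, b = Event('a', 1, 'W', 'x', 1), Event('b', 1, 'W', 'y', 1)
    c, d = Event('c', 2, 'R', 'y', 1), Event('d', 2, 'R', 'x', 0)
    rf = {(b, c), (ix, d)}                  # sees the flag but the stale payload
    mo = modification_order([[ix, a], [iy, b]])
    return [ix, iy, a, b, c, d], rf, mo

if __name__ == '__main__':
    tests = [('SB', store_buffering()), ('SB+fences', store_buffering(True)),
             ('MP', message_passing())]
    for name, g in tests:
        print(f"{name:10} SC: {sc_consistent(*g)}  TSO: {tso_consistent(*g)}")
```

Running it shows the store-buffering outcome forbidden under SC but allowed under TSO until a fence is placed between the write and the read in each thread, while the message-passing outcome is forbidden under both; changing a model means changing only the relation whose acyclicity is demanded, which is the sense in which such specifications are declarative.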
Index Terms
- On library correctness under weak memory consistency: specifying and verifying concurrent libraries under declarative consistency models