A Separation Logic for a Promising Semantics

Self Cite

Concurrent libraries are the building blocks for concurrency. They encompass a range of abstractions (e.g. locks, exchangers, stacks, queues, sets) built in a layered fashion: more advanced libraries are built out of simpler ones. While there has been a lot of work on verifying such libraries in a sequentially consistent (SC) environment, little is known about how to specify and verify them under weak memory consistency (WMC). We propose a general declarative framework that allows us to specify concurrent libraries declaratively, and to verify library implementations against their specifications compositionally. Our framework is sufficient to encode standard models such as SC, (R)C11 and TSO. Additionally, we specify several concurrent libraries, including mutual exclusion locks, reader-writer locks, exchangers, queues, stacks and sets. We then use our framework to verify multiple weakly consistent implementations of locks, exchangers, queues and stacks. CCS Concepts: • Software and its engineering → General programming languages; • Theory of computation → Semantics and reasoning; Concurrency;

Section: Related Workmentioning

confidence: 99%

On library correctness under weak memory consistency: specifying and verifying concurrent libraries under declarative consistency models

Raad

Doko

Rožić

et al. 2019

Self Cite

“…defined the promising semantics, which comes with a number of results, which we are able to exploit for our weakest model. It has also led to some follow up work, which proved correctness of compilation to ARM [Podkopaev et al 2017[Podkopaev et al , 2019 and the correctness of a program logic over it [Svendsen et al 2018]. Nevertheless, as discussed, the promising semantics also has a number of shortcomings, which are difficult to resolve because of the model's complexity and brittleness.…”

Section: Related Workmentioning

confidence: 99%

“…Their soundness proofs, however, rely heavily on the acyclicity of po ∪ rf and it is unclear whether they can be adapted to the weaker setting of weakestmo. Among these logics, RSL [Vafeiadis and Narayan 2013] should be sound under our model, because Svendsen et al [2018] proved the soundness of a variant of it over the promising semantics. For the more advanced logics, however, the counterexample of Doko and Vafeiadis [2017] shows that certain adaptations will be needed.…”

Section: Future Work and Conclusionmentioning

confidence: 99%

Grounding thin-air reads with event structures

Chakraborty

Vafeiadis

2019

Self Cite

The key challenge in defining the concurrency semantics of a programming language is how to enable the most efficient compilation to existing hardware architectures, and yet forbid programs from reading thin-air values, i.e., ones that do not appear in the program. At POPL'17, Kang et al. achieved a major breakthrough by introducing the 'promising' semantics that came with results showing that it was a good candidate solution to the problem. Unfortunately, however, the promising semantics is rather complicated, and due to its complexity it contains some flaws and limitations that are very hard to address. In response, we present an alternative solution to this problem based on event structures. We show that it is indeed a solution by establishing the standard results about the semantics (DRF theorems, implementation and optimization correctness) as well as a formal connection to the semantics of Kang et al. Further, we show that it is easier to adapt, by extending the semantics to cover features (such as SC accesses) that are not supported by Kang et al. and to rule out some dubious behaviors admitted by the promising semantics.

“…Kang et al 's promising semantics [Kang et al 2017] is a proposal for fixing C11's out-of-thin-air problem without prohibiting load-store reordering on relaxed accesses (as RC11 and ORC11 do). Svendsen et al [2018] introduce the first program logic for the promising semantics. Their logic is based on RSL [Vafeaidis and Narayan 2013] and supports relaxed accesses but not fences.…”

Section: Related and Future Workmentioning

confidence: 99%

RustBelt meets relaxed memory

Dang

Jourdan

Kaiser

et al. 2019

The Rust programming language supports safe systems programming by means of a strong ownership-tracking type system. In their prior work on RustBelt, Jung et al. began the task of setting Rust's safety claims on a more rigorous formal foundation. Specifically, they used Iris, a Coq-based separation logic framework, to build a machine-checked proof of semantic soundness for a λ-calculus model of Rust, as well as for a number of widely-used Rust libraries that internally employ unsafe language features. However, they also made the significant simplifying assumption that the language is sequentially consistent. In this paper, we adapt RustBelt to account for the relaxed-memory operations that concurrent Rust libraries actually use, in the process uncovering a data race in the Arc library. We focus on the most interesting technical problem: how to reason about resource reclamation under relaxed memory, using a logical construction we call synchronized ghost state.