Communicating State Transition Systems for Fine-Grained Concurrent Resources

Nanevski, Aleksandar; Ley-Wild, Ruy; Sergey, Ilya; Delbianco, Germán Andrés

doi:10.1007/978-3-642-54833-8_16

Cited by 87 publications

(119 citation statements)

References 20 publications

(37 reference statements)

Supporting

Mentioning

117

Contrasting

Order By: Relevance

“…[24], [8], [7], [3], [13], [6], [21], [17], [19], [4], [11]), namely ghost states, protocols and separation logic, and adapts them in a novel way to support modular weak memory reasoning. We shall first give a brief introduction about GPS, focusing on atomic writes/reads and escrows, which are essential for synchronisations.…”

Section: The Gps Frameworkmentioning

confidence: 99%

Reasoning about Fences and Relaxed Atomics

Vafeiadis

Qin³

et al. 2016

2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)

View full text Add to dashboard Cite

Abstract-For efficiency reasons, weak (or relaxed) memory is now the norm on modern architectures. To cater for this trend, modern programming languages are adapting their memory models. The new C11 memory model [1] allows several levels of memory weakening, including non-atomics, relaxed atomics, releaseacquire atomics, and sequentially consistent atomics. Under such weak memory models, multithreaded programs exhibit more behaviours, some of which would have been inconsistent under the traditional strong (i.e. sequentially consistent) memory model. This makes the task of reasoning about concurrent programs even more challenging. The GPS framework, recently developed by Turon et al. [22], has made a step forward towards tackling this challenge. By integrating ghost states, per-location protocols and separation logic, GPS can successfully verify programs with release-acquire atomics. In this paper, we present a program logic, an enhancement of the GPS framework, that can support the verification of a bigger class of C11 programs, that is, programs with release-acquire atomics, relaxed atomics and release-acquire fences. Key elements of our proposed logic include two new types of assertions, a more expressive resource model and a set of newlydesigned verification rules.

show abstract

Section: The Gps Frameworkmentioning

confidence: 99%

Reasoning about Fences and Relaxed Atomics

Vafeiadis

Qin³

et al. 2016

2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)

View full text Add to dashboard Cite

show abstract

“…Finally, the most important invariant is that a node x is contained in either self or other subjective view iff it's marked in the joint graph. The metatheory of FCSL [Nanevski et al 2014, §4] requires the coherence predicates to satisfy several properties that we omit here, but prove in our implementation. The most important property is the fork-join closure, stating that the state space is closed under realignment of self and other components.…”

Section: Outline Of the Mechanized Developmentmentioning

confidence: 99%

“…The span algorithm uses only one concurroid SpanTree, allocated by hide out of the concurroid Priv for thread-local state. In general, FCSL specs can span multiple primitive concurroids, of the same or different kinds, which are entangled by interconnecting special channel-like transitions [Nanevski et al 2014]. The interconnection implements synchronized communication, by which concurroids exchange heap ownership.…”

Section: More Examplesmentioning

confidence: 99%

See 1 more Smart Citation

Mechanized verification of fine-grained concurrent programs

2015

Self Cite

View full text Add to dashboard Cite

Efficient concurrent programs and data structures rarely employ coarse-grained synchronization mechanisms (i.e., locks); instead, they implement custom synchronization patterns via fine-grained primitives, such as compare-and-swap. Due to sophisticated interference scenarios between threads, reasoning about such programs is challenging and error-prone, and can benefit from mechanization.In this paper, we present the first completely formalized framework for mechanized verification of full functional correctness of fine-grained concurrent programs. Our tool is based on the recently proposed program logic FCSL. It is implemented as an embedded domain-specific language in the dependently-typed language of the Coq proof assistant, and is powerful enough to reason about programming features such as higher-order functions and local thread spawning. By incorporating a uniform concurrency model, based on state-transition systems and partial commutative monoids, FCSL makes it possible to build proofs about concurrent libraries in a thread-local, compositional way, thus facilitating scalability and reuse: libraries are verified just once, and their specifications are used ubiquitously in client-side reasoning. We illustrate the proof layout in FCSL by example, and report on our experience of using FCSL to verify a number of concurrent algorithms and data structures.

show abstract

“…Modern program logics, such as TaDA [5,6], Iris [7] and FCSL [8,9], combine these techniques, allowing us to prove effective modular specifications for concurrent modules such as the counter. We compare two approaches: a first-order approach used in TaDA (Section 3.6.2), and a higher-order approach introduced by Jacobs and Piessens [10] and used in Iris (Section 3.6.1).…”

Section: Introductionmentioning

confidence: 99%

A perspective on specifying and verifying concurrent modules

Dinsdale-Young

Pinto

Gardner

2018

Journal of Logical and Algebraic Methods in Programming

View full text Add to dashboard Cite

The specification of a concurrent program module, and the verification of implementations and clients with respect to such a specification, are difficult problems. A specification should be general enough that any reasonable implementation satisfies it, yet precise enough that it can be used by any reasonable client. We survey a range of techniques for specifying concurrent modules, using the example of a counter module to illustrate the benefits and limitations of each. In particular, we highlight four key concepts underpinning these techniques: auxiliary state, interference abstraction, resource ownership and atomicity. We demonstrate how these concepts can be combined to achieve two powerful approaches for specifying concurrent modules and verifying implementations and clients, which remove the limitations highlighted by the counter example.

show abstract

Communicating State Transition Systems for Fine-Grained Concurrent Resources

Cited by 87 publications

References 20 publications

Reasoning about Fences and Relaxed Atomics

Reasoning about Fences and Relaxed Atomics

Mechanized verification of fine-grained concurrent programs

A perspective on specifying and verifying concurrent modules

Contact Info

Product

Resources

About