Modular verification of assembly code with stack-based control abstractions

Feng, Xiaobing; Shao, Zhong; Vaynberg, Alexander; Xiang, Sen; Ni, Zhaozhong

doi:10.1145/1133255.1134028

Cited by 34 publications

(40 citation statements)

References 32 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The atomicity and isolation properties of transaction can also be formally verified in our framework. We introduce a local guarantee g for each thread, as in SCAP [23] , describing valid memory updates -it is safe for the current transaction to roll back only after make a memory update allowed by g. So when a transaction rolls back, it guarantees that the memory in the current thread state is consistent with the memory at the beginning of the transaction, just as nothing has been done. The isolation is enforced by CSL, in status act the shared memory is required to be unchanged due to that the transaction may roll back, so only in status cmt the memory updates can be visible to other threads.…”

Section: Inference Rulesmentioning

confidence: 99%

Formal Reasoning About Lazy-STM Programs

李勇

张昱

陈意云

et al. 2010

J. Comput. Sci. Technol.

View full text Add to dashboard Cite

Transactional memory (TM) is an easy-using parallel programming model that avoids common problems associated with conventional locking techniques. Several researchers have proposed a large amount of alternative hardware and software TM implementations. However, few ones focus on formal reasoning about these TM programs. In this paper, we propose a framework at assembly level for reasoning about lazy software transactional memory (STM) programs. First, we give a software TM implementation based on lightweight locks. These locks are also one part of the shared memory. Then we define the semantics of the model operationally, and the lightweight locks in transaction are non-blocking, avoiding deadlocks among transactions. Finally we design a logic -a combination of permission accounting in separation logic and concurrent separation logic -to verify various properties of concurrent programs based on this machine model. The whole framework is formalized using a proof-carrying-code (PCC) framework.

show abstract

Section: Inference Rulesmentioning

confidence: 99%

Formal Reasoning About Lazy-STM Programs

李勇

张昱

陈意云

et al. 2010

J. Comput. Sci. Technol.

View full text Add to dashboard Cite

show abstract

“…As mentioned in Subsection 1.4, our approach follows the second methodology, which is also used in SCAP [9] and previous work [7][8] . In SCAP, a code specification consists of a precondition p and an action g, rather than using the methodology reasoning about first-class code pointers, to support modular certification of function call, especially the last return instruction of a function.…”

Section: Our Approachmentioning

confidence: 99%

“…In our framework, a code specification θ is a triple, consisting of a precondition p, an action g and a tag b. The precondition p and action g are like the notations used in original SCAP [9] but they have two extra arguments, t and X, as we explained in Section 3. In a code specification θ, precondition p specifies the precondition before machine executes an instruction.…”

Section: Specificationmentioning

confidence: 99%

See 1 more Smart Citation

Certification of Thread Context Switching

Guo

Jiang

Chen

2010

J. Comput. Sci. Technol.

View full text Add to dashboard Cite

With recent efforts to build foundational certified software systems, two different approaches have been proposed to certify thread context switching. One is to certify both threads and context switching in a single logic system, and the other certifies threads and context switching at different abstraction levels. The former requires heavyweight extensions in the logic system to support first-class code pointers and recursive specifications. Moreover, the specification for context switching is very complex. The latter supports simpler and more natural specifications, but it requires the contexts of threads to be abstracted away completely when threads are certified. As a result, the conventional implementation of context switching used in most systems needs to be revised to make the abstraction work. In this paper, we extend the second approach to certify the conventional implementation, where the clear abstraction for threads is unavailable since both threads and context switching hold pointers of thread contexts. To solve this problem, we allow the program specifications for threads to refer to pointers of thread contexts. Thread contexts are treated as opaque structures, whose contents are unspecified and should never be accessed by the code of threads. Therefore, the advantage of avoiding the direct support of first-class code pointers is still preserved in our method. Besides, our new approach is also more lightweight. Instead of using two different logics to certify threads and context switching, we employ only one program logic with two different specifications for the context switching. One is used to certify the implementation itself, and the more abstract one is used as an interface between threads and context switching at a higher abstraction level. The consistency between the two specifications are enforced by the global program invariant.

show abstract

“…1, note that the infinite loop of the first path never exits the current function, so the end points should be "a4" and "b1". This method needs a logical function stack to be maintained and complicates the program logic system [8].…”

Section: Introductionmentioning

confidence: 99%

Certifying assembly programs with trails

Wang

2011

Front. Comput. Sci. China

View full text Add to dashboard Cite

In this paper, we introduce a new way of certifying assembly programs. Unlike previous program logics, we extract the control-flow information from the code and generate an intermediate trail between the specification and the real code. Trails are auxiliary specifications and treated as modules in the certification process. We define a simple modular program logic called trail-based certified assembly programming (TCAP) to certify and link different parts of a program using the corresponding trails. Because the control flow information in trails is explicit, the rules are easier to design. We show that our logic is powerful enough to prove partial correctness of assembly programs with features including stack-based abstractions and self-modifying code. We also provide a semantics for TCAP and prove that the logic is sound with respect to the semantics.

show abstract

Modular verification of assembly code with stack-based control abstractions

Cited by 34 publications

References 32 publications

Formal Reasoning About Lazy-STM Programs

Formal Reasoning About Lazy-STM Programs

Certification of Thread Context Switching

Certifying assembly programs with trails

Contact Info

Product

Resources

About