Abstract
In this article, we propose an approach to program verification using an abstract characterisation of weak memory models. Our approach is based on a hierarchical axiom scheme that captures the observational properties of a memory model. In particular, we show that it is possible to prove correctness of a program with respect to a particular axiom scheme, and we show this proof to suffice for any memory model that satisfies the axioms. Our axiom scheme is developed using a characterisation of weakest liberal preconditions for weak memory. This characterisation naturally extends to Hoare logic and Owicki-Gries reasoning by lifting weakest liberal preconditions (defined over read/write events) to the level of programs. We study three memory models (SC, TSO, and RC11-RAR) as example instantiations of the axioms, then we demonstrate the applicability of our reasoning technique on a number of litmus tests. The majority of the proofs in this article are supported by mechanisation within Isabelle/HOL.
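The abstract refers to litmus tests and to proving a program correct with respect to a memory model. The following added example (not code from the article or its Isabelle/HOL development) makes that concrete for the classic store-buffering litmus test: it exhaustively interleaves two threads under sequential consistency and under a small operational TSO model, collects every reachable final register valuation, and checks a postcondition against all of them. The test program, the TSO model (per-thread FIFO store buffers, reads that see the thread's own buffered writes first, a fence that waits for the buffer to drain) and the helper names are assumptions chosen for illustration; the article's axiom scheme itself is not reproduced here.

```python
"""Enumerate the outcomes of a litmus test under SC and a small operational TSO.

Added example, not code from the article: the store-buffering (SB) litmus
test below is constructed for illustration, and the TSO model (per-thread
FIFO store buffers, reads see their own buffered writes first, a fence
completes only once the buffer is empty) is an assumption that mirrors the
usual informal x86-TSO description.
"""

# An operation is ("W", var, value), ("R", var, register) or ("F",) (fence).
SB = [
    [("W", "x", 1), ("R", "y", "r0")],
    [("W", "y", 1), ("R", "x", "r1")],
]
SB_FENCED = [
    [("W", "x", 1), ("F",), ("R", "y", "r0")],
    [("W", "y", 1), ("F",), ("R", "x", "r1")],
]


def _store(memd, var, val):
    """Return a hashable copy of memory with one location updated."""
    new = dict(memd)
    new[var] = val
    return tuple(sorted(new.items()))


def explore(program, tso):
    """Return the set of final register valuations reachable by exhaustively
    interleaving the threads. A state is (pcs, store buffers, memory, regs),
    all hashable so repeated states are visited only once."""
    n = len(program)
    mem0 = tuple(sorted({"x": 0, "y": 0}.items()))
    start = ((0,) * n, ((),) * n, mem0, ())
    seen, outcomes, stack = set(), set(), [start]
    while stack:
        state = stack.pop()
        if state in seen:
            continue
        seen.add(state)
        pcs, bufs, mem, regs = state
        memd = dict(mem)
        successors = []
        for t in range(n):
            # TSO only: the oldest buffered write of thread t reaches memory.
            if tso and bufs[t]:
                var, val = bufs[t][0]
                newbufs = bufs[:t] + (bufs[t][1:],) + bufs[t + 1:]
                successors.append((pcs, newbufs, _store(memd, var, val), regs))
            if pcs[t] == len(program[t]):
                continue
            op = program[t][pcs[t]]
            npcs = pcs[:t] + (pcs[t] + 1,) + pcs[t + 1:]
            if op[0] == "W":
                _, var, val = op
                if tso:  # write is buffered and not yet visible to other threads
                    newbufs = bufs[:t] + (bufs[t] + ((var, val),),) + bufs[t + 1:]
                    successors.append((npcs, newbufs, mem, regs))
                else:    # SC: write is immediately globally visible
                    successors.append((npcs, bufs, _store(memd, var, val), regs))
            elif op[0] == "R":
                _, var, reg = op
                val = memd[var]
                for bvar, bval in reversed(bufs[t]):  # own latest buffered write wins
                    if bvar == var:
                        val = bval
                        break
                successors.append((npcs, bufs, mem, regs + ((reg, val),)))
            elif op[0] == "F":
                if not bufs[t]:  # fence completes only once the buffer has drained
                    successors.append((npcs, bufs, mem, regs))
        if successors:
            stack.extend(successors)
        else:  # every thread finished and every buffer is empty
            outcomes.add(tuple(sorted(regs)))
    return outcomes


def holds(program, postcondition, tso):
    """True iff every reachable final valuation satisfies the postcondition."""
    return all(postcondition(dict(o)) for o in explore(program, tso))


def no_sb(regs):
    """Postcondition: the two threads cannot both observe the initial value 0."""
    return not (regs["r0"] == 0 and regs["r1"] == 0)


if __name__ == "__main__":
    for name, prog in (("SB", SB), ("SB+fences", SB_FENCED)):
        for model, tso in (("SC", False), ("TSO", True)):
            print(f"{name:10} {model}: {sorted(explore(prog, tso))}"
                  f"  postcondition holds: {holds(prog, no_sb, tso)}")
```

Running the script shows the point the abstract makes about model-specific proofs: the postcondition `no_sb` holds for SB under SC but fails under TSO, where the outcome `r0 = r1 = 0` is reachable because both writes can still sit in store buffers when the reads execute; inserting a fence after each write restores the property under TSO. A proof carried out against an axiom scheme that both models satisfy would have to rely only on properties the weaker model still guarantees.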