Unifying Operational Weak Memory Verification: An Axiomatic Approach

Published: 20 October 2022

Abstract

In this article, we propose an approach to program verification using an abstract characterisation of weak memory models. Our approach is based on a hierarchical axiom scheme that captures the observational properties of a memory model. In particular, we show that it is possible to prove correctness of a program with respect to a particular axiom scheme, and we show this proof to suffice for any memory model that satisfies the axioms. Our axiom scheme is developed using a characterisation of weakest liberal preconditions for weak memory. This characterisation naturally extends to Hoare logic and Owicki-Gries reasoning by lifting weakest liberal preconditions (defined over read/write events) to the level of programs. We study three memory models (SC, TSO, and RC11-RAR) as example instantiations of the axioms, then we demonstrate the applicability of our reasoning technique on a number of litmus tests. The majority of the proofs in this article are supported by mechanisation within Isabelle/HOL.


Published in

ACM Transactions on Computational Logic, Volume 23, Issue 4 (October 2022), 279 pages
ISSN: 1529-3785
EISSN: 1557-945X
DOI: 10.1145/3565891
Editor: Anuj Dawar


Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 20 October 2022
• Online AM: 27 June 2022
• Accepted: 15 May 2022
• Revised: 29 April 2022
• Received: 12 October 2021