Persistent Owicki-Gries reasoning: a program logic for reasoning about persistent programs on Intel-x86

Raad, Azalea; Lahav, Ori; Vafeiadis, Viktor

doi:10.1145/3428219

Cited by 17 publications

(10 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As such, existing verification techniques for TSO/Px86 sim can be used to reason about such Ex86/PEx86 programs, e.g. the program logics of OGRA [Lahav and Vafeiadis 2015] and POG [Raad et al 2020a], as well as the model checkers Nidhugg [Abdulla et al 2015a] and GenMC [Kokologiannakis et al 2019b]. Moreover, the full Ex86/PEx86 models (including non-temporal writes and all memory types) both meet the conditions stipulated by GenMC; as such, the Ex86 (resp.…”

Section: Concurrent Persistency Examplesmentioning

confidence: 99%

“…This can be achieved when the processor under test is a component of a system-on-chip (SoC) FPGA [Jain et al 2018]. Lastly, we will develop verification techniques for Ex86 and PEx86, including program logics such as those of [Dalvandi et al 2020;Vafeiadis 2016, 2017;Kaiser et al 2017;Raad et al 2020a;Turon et al 2014;Vafeiadis and Narayan 2013], and stateless model checking [Kokologiannakis et al 2021[Kokologiannakis et al , 2019aKokologiannakis and Vafeiadis 2020]. The latter would allow us to verify an Ex86/PEx86 program by exhaustively generating its executions and inspecting them for consistency/persistency violations.…”

Section: Related and Future Workmentioning

confidence: 99%

See 1 more Smart Citation

Extending Intel-x86 consistency and persistency: formalising the semantics of Intel-x86 memory types and non-temporal stores

Raad

Maranget

Vafeiadis

2022

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Existing semantic formalisations of the Intel-x86 architecture cover only a small fragment of its available features that are relevant for the consistency semantics of multi-threaded programs as well as the persistency semantics of programs interfacing with non-volatile memory. We extend these formalisations to cover: (1) non-temporal writes, which provide higher performance and are used to ensure that updates are flushed to memory; (2) reads and writes to other Intel-x86 memory types, namely uncacheable, write-combined, and write-through; as well as (3) the interaction between these features. We develop our formal model in both operational and declarative styles, and prove that the two characterisations are equivalent. We have empirically validated our formalisation of the consistency semantics of these additional features and their subtle interactions by extensive testing on different Intel-x86 implementations.

show abstract

Section: Concurrent Persistency Examplesmentioning

confidence: 99%

Section: Related and Future Workmentioning

confidence: 99%

Extending Intel-x86 consistency and persistency: formalising the semantics of Intel-x86 memory types and non-temporal stores

Raad

Maranget

Vafeiadis

2022

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

show abstract

“…We believe that our framework has a great potential to lower the high cost of crash consistency verification because its stable nature unifies code for normal and recovery executions. We will realize our framework's potential for lower-cost crash consistency verification by (1) designing a separation logic for PM by recasting the idea of a rely-guarantee logic for PM [49] in the Iris separation logic framework [4] on top of the Coq proof assistant [2]; (2) designing reasoning principles for detectable operations with mementos in the proposed separation logic; and (3) verifying detectable DSs.…”

Section: Future Workmentioning

confidence: 99%

Practical Detectability for Persistent Lock-Free Data Structures

Cho¹,

Jeon²,

Kang³

2022

Preprint

View full text Add to dashboard Cite

Persistent memory (PM) is an emerging class of storage technology that combines the benefits of DRAM and SSD. This characteristic inspires research on persistent objects in PM with fine-grained concurrency control. Among such objects, persistent lock-free data structures (DSs) are particularly interesting thanks to their efficiency and scalability. One of the most widely used correctness criteria for persistent lock-free DSs is durable linearizability (Izraelevitz et. al., DISC 2016). However, durable linearizability is insufficient to use persistent DSs for fault-tolerant systems requiring exactly-once semantics for storage systems, because we may not be able to detect whether an operation is performed when a crash occurs.We present a practical programming framework for persistent lock-free DSs with detectability. In contrast to the prior work on such DSs, our framework supports (1) primitive detectable operations such as space-efficient compare-and-swap, insertion, and deletion; (2) systematic transformation of lock-free DSs in DRAM into those in PM requiring modest efforts; (3) comparable performance with non-detectable DSs by DRAM scratchpad optimization; and (4) recovery from both full system and thread crashes. The key idea is memento objects serving as a lightweight, precise, and per-thread checkpoints in PM. As a case study, we implement lockfree and combining queues and hash tables with detectability that outperform (and perform comparably) the state-of-the-art DSs with (and without, respectively) detectability.

show abstract

“…Such methods may include automated checking by approximation [7], layered interactive verification in the style of [18,25], and formal logics as the one in [24]. Similarly, developing formal methods and tools that allow using library specifications for client reasoning it is left for future work, including decidable reachability analysis [2], program logics [27], and principled testing [13]. Proof.…”

Section: A Buffered Durable Pairmentioning

confidence: 99%

Abstraction for Crash-Resilient Objects (Extended Version)

Khyzha¹,

Lahav²

2021

Preprint

Self Cite

View full text Add to dashboard Cite

We study abstraction for crash-resilient concurrent objects using non-volatile memory (NVM). We develop a library correctness criterion that is sound for ensuring contextual refinement in this setting, thus allowing clients to reason about library behaviors in terms of their abstract specifications, and library developers to verify their implementations against the specifications abstracting away from particular client programs. As a semantic foundation we employ a recent NVM model, called Persistent Sequential Consistency, and extend its language and operational semantics with useful specification constructs. The proposed correctness criterion accounts for NVM-related interactions between client and library code due to explicit persist instructions, and for calling policies enforced by libraries. We illustrate our approach on two implementations and specifications of simple persistent objects with different prototypical durability guarantees. Our results provide the first approach to formal compositional reasoning under NVM.

show abstract

Persistent Owicki-Gries reasoning: a program logic for reasoning about persistent programs on Intel-x86

Cited by 17 publications

References 54 publications

Extending Intel-x86 consistency and persistency: formalising the semantics of Intel-x86 memory types and non-temporal stores

Extending Intel-x86 consistency and persistency: formalising the semantics of Intel-x86 memory types and non-temporal stores

Practical Detectability for Persistent Lock-Free Data Structures

Abstraction for Crash-Resilient Objects (Extended Version)

Contact Info

Product

Resources

About