Verifying a Concurrent Garbage Collector Using a Rely-Guarantee Methodology

Zakowski, Yannick; Cachera, David; Demange, Delphine; Petri, Gustavo; Pichardie, David; Jagannathan, Suresh; Vítek, Jan

doi:10.1007/978-3-319-66107-0_31

Cited by 8 publications

(12 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gammie et al [5] verify a detailed model of a state-of-the-art concurrent mark-and-sweep collector in Isabelle/HOL, with respect to an x86-TSO memory model. A related effort by Zakowski et al [20] uses Coq to verify a concurrent mark-and-sweep collector expressed in a purpose-built compiler intermediate representation rather than the pseudocode of Gammie et al, although Zakowski et al verifies theirs with respect to an interleaving semantics.…”

Section: Discussion Of Related Workmentioning

confidence: 99%

A Verified Generational Garbage Collector for CakeML

2018

View full text Add to dashboard Cite

This paper presents the verification of a generational copying garbage collector for the CakeML runtime system. The proof is split into an algorithm proof and an implementation proof. The algorithm proof follows the structure of the informal intuition for the generational collector's correctness, namely, a partial collection cycle in a generational collector is the same as running a full collection on part of the heap, if one views pointers to old data as non-pointers. We present a pragmatic way of dealing with ML-style mutable state, such as references and arrays, in the proofs. The development has been fully integrated into the in-logic bootstrapped CakeML compiler, which now includes command-line arguments that allow configuration of the generational collector. All proofs were carried out in the HOL4 theorem prover.

show abstract

Section: Discussion Of Related Workmentioning

confidence: 99%

A Verified Generational Garbage Collector for CakeML

2018

View full text Add to dashboard Cite

show abstract

“…Using the Coq proof assistant, we achieved the following: (i) formalizing the syntax and semantics of RtIR and the soundness of an associated RG program logic, (ii) a number of tactics and structural lemmas to facilitate the so-called stability proofs required by the RG methodology, (iii) a realistic implementation of Domani et al's algorithm [8] in RtIR and (iv) an RG proof ensuring that the collector never frees references accessible by the running threads. Our formal development is available online [42].…”

Section: Verifying a Concurrent Garbage Collector With A Rely-guarantmentioning

confidence: 99%

“…Describing the algorithm and code in full details is out of the scope of this paper. We refer the reader to [8] and to the formal proof [42] for details.…”

Section: Main Theoremmentioning

confidence: 99%

See 1 more Smart Citation

Verifying a Concurrent Garbage Collector with a Rely-Guarantee Methodology

et al. 2018

Self Cite

View full text Add to dashboard Cite

Concurrent garbage collection algorithms are a challenge for program verification. In this paper, we address this problem by proposing a mechanized proof methodology based on the Rely-Guarantee proof technique. We design a compiler intermediate representation with strong type guarantees, dedicated support for abstract concurrent data structures, and high-level iterators on runtime internals. In addition, we define an Rely-Guarantee program logic supporting an incremental proof methodology where annotations and invariants can be progressively enriched. We formalize the intermediate representation, the proof system, and prove the soundness of the methodology in the Coq proof assistant. Equipped with this, we prove a fully concurrent garbage collector where mutators never have to wait for the collector.

show abstract

“…One major challenge in this landscape is the verification of an executable runtime system for such languages and an emblematic runtime service is garbage collection. In [31], we recently presented a Coq formalization of a fully concurrent garbage collector, where mutators never have to wait for the collector. This work and other similar proof efforts [25,10,9,7,8,11,12] are important stepping stones towards a realistic, Our approach in [31] is based on a dedicated intermediate representation (IR) that features strong type guarantees, dedicated support for abstract concurrent data structures, and high-level iterators on runtime internals (e.g.…”

Section: Introductionmentioning

confidence: 99%

Verified compilation of linearizable data structures

Zakowski

Cachera

Demange

et al. 2018

Proceedings of the 33rd Annual ACM Symposium on Applied Computing

Self Cite

View full text Add to dashboard Cite

Compiling concurrent and managed languages involves implementing sophisticated interactions between client code and the runtime system. An emblematic runtime service, whose implementation is particularly error-prone, is concurrent garbage collection. In a recent work [31], we implement an on-the-fly concurrent garbage collector, and formally prove its functional correctness in the Coq proof assistant. The garbage collector is implemented in a compiler intermediate representation featuring abstract concurrent data structures. The present paper extends this work by considering the concrete implementation of some of these abstract concurrent data structures. We formalize, in the Coq proof assistant, a theorem establishing the semantic correctness of a compiling pass which translates abstract, atomic data structures into their concrete, fine-grained concurrent implementations. At the crux of the proof lies a generic result establishing once and for all a simulation relation, starting from a carefully crafted rely-guarantee specification. Inspired by the work of Vafeiadis [28], implementations are annotated with linearization points. Semantically, this instrumentation reflects the behavior of abstract data structures.

show abstract

Verifying a Concurrent Garbage Collector Using a Rely-Guarantee Methodology

Cited by 8 publications

References 32 publications

A Verified Generational Garbage Collector for CakeML

A Verified Generational Garbage Collector for CakeML

Verifying a Concurrent Garbage Collector with a Rely-Guarantee Methodology

Verified compilation of linearizable data structures

Contact Info

Product

Resources

About